'%3e%3cg id='Final-Copy-2_2_' transform='translate(1275.000000, 200.000000)'%3e%3cpath class='st0' d='M7.4,12.8h6.8l3.1-11.6H7.4C4.2,1.2,1.6,3.8,1.6,7S4.2,12.8,7.4,12.8z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg id='final---dec.11-2020'%3e%3cg id='_x30_208-our-toggle' transform='translate(-1275.000000, -200.000000)'%3e%3cg id='Final-Copy-2' transform='translate(1275.000000, 200.000000)'%3e%3cpath class='st1' d='M22.6,0H7.4c-3.9,0-7,3.1-7,7s3.1,7,7,7h15.2c3.9,0,7-3.1,7-7S26.4,0,22.6,0z M1.6,7c0-3.2,2.6-5.8,5.8-5.8 h9.9l-3.1,11.6H7.4C4.2,12.8,1.6,10.2,1.6,7z'/%3e%3cpath id='x' class='st2' d='M24.6,4c0.2,0.2,0.2,0.6,0,0.8l0,0L22.5,7l2.2,2.2c0.2,0.2,0.2,0.6,0,0.8c-0.2,0.2-0.6,0.2-0.8,0 l0,0l-2.2-2.2L19.5,10c-0.2,0.2-0.6,0.2-0.8,0c-0.2-0.2-0.2-0.6,0-0.8l0,0L20.8,7l-2.2-2.2c-0.2-0.2-0.2-0.6,0-0.8 c0.2-0.2,0.6-0.2,0.8,0l0,0l2.2,2.2L23.8,4C24,3.8,24.4,3.8,24.6,4z'/%3e%3cpath id='y' class='st3' d='M12.7,4.1c0.2,0.2,0.3,0.6,0.1,0.8l0,0L8.6,9.8C8.5,9.9,8.4,10,8.3,10c-0.2,0.1-0.5,0.1-0.7-0.1l0,0 L5.4,7.7c-0.2-0.2-0.2-0.6,0-0.8c0.2-0.2,0.6-0.2,0.8,0l0,0L8,8.6l3.8-4.5C12,3.9,12.4,3.9,12.7,4.1z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
Taobao, Renren and others fall victim of data leaks.
07 March 2021BREACHAWARE HQ
A total of 7 breach events were found and analysed resulting in 21,621,421 exposed accounts containing a total of 9 different data types of personal datum . The breaches found publicly and freely available included Taobao, Renren, InterPals, Openaid and Half-Life TV. Sign in to view the full
library of breach events which includes, where available, reference articles relating to
each breach.
Categories of Personal Data Discovered
Socia-Demographic Data, Contact Data, Technical Data.
Data Breach Analysis
The affected platforms represent a varied collection of services ranging from Chinese e-commerce giants and social networks to language exchange communities and gaming-related websites. Among the organisations and services involved in these breaches were Taobao, Renren, InterPals, Openaid, and Half-Life TV.Taobao, a massive Chinese online shopping platform owned by Alibaba, represents one of the most significant breaches in terms of potential impact. Often described as China’s equivalent to eBay or Amazon Marketplace, Taobao boasts hundreds of millions of users and vendors. A breach involving this platform is significant not just because of the volume of data, but due to the variety and sensitivity of data it may include.
There were previous reports indicating that a Taobao breach involved data scraping activities that harvested user information from the site via a third-party application. Although not technically a breach through hacking, the scale of data collection, reportedly hundreds of millions of records, raised alarms regarding how data exposure can still occur at mass scale, even without compromising internal systems. For affected users, the exposure of account information could facilitate targeted scams, particularly those mimicking customer service interactions or refund processes.
Renren, once heralded as China’s answer to Facebook, is another high-profile inclusion. Although its popularity has faded in recent years, during its peak it was a central social media platform among Chinese university students and young adults. The breach of Renren’s data is notable because it may include deeply personal user data from a time when social media privacy standards were far less rigorous.
Social network breaches like this are uniquely potent due to the networked nature of the platforms. When contact information, friend lists, or communication logs are compromised, the risk is not confined to individual users but ripples through their social graph. Attackers may use leaked information to craft spear-phishing attacks that appear to come from trusted acquaintances or to perform identity verification attacks using known affiliations.
InterPals is a long-running pen pal and language exchange site that facilitates connections between users from around the world. It has developed a niche user base interested in international friendships and cultural exchange. Because many users share sensitive personal context in the course of trying to form genuine relationships, the data, while not overtly financial, could have significant value in profiling individuals or performing long-term social engineering.
Additionally, the interpersonal and sometimes emotional nature of interactions on InterPals makes this kind of data breach particularly concerning. Even if financial data isn’t at play, the sensitive nature of disclosed details in personal messages could lead to blackmail, extortion, or harassment if exploited maliciously.
Openaid is a lesser-known platform that appears to have hosted or supported humanitarian or open development data. While less mainstream than others on the list, any platform dealing with aid or charitable initiatives may handle emails, project management data, and contributor information. Breaches in this category of service can potentially undermine trust in aid coordination or expose internal documents not meant for public release.
If administrative accounts or backend tools were compromised, the attacker may have had visibility into internal workflows or even access tokens to broader services. While Openaid may not host highly sensitive personal data on the scale of Taobao or Renren, it’s important to consider that leaks from such systems can disrupt operational security and reputational trust in a tightly knit sector like international aid.
Half-Life TV (HLTV), a popular esports and gaming statistics site focused on the competitive Counter-Strike: Global Offensive (CS:GO) scene, is another notable entry in this breach list. HLTV hosts forums, team rankings, match histories, and user accounts for a highly engaged audience.
While the data types involved may appear relatively minor at first glance, HLTV’s community is tightly connected to the broader esports ecosystem, where account reputation, team affiliations, and user handles hold value. A breach of this type could facilitate impersonation, doxing, or harassment, especially within a competitive or highly visible community.
Across these seven breaches, the presence of nine distinct data types suggests a broad and multifaceted data exposure. The combination of these data types offers a troubling picture for long-term digital safety, especially as more data breaches become publicly searchable and easily cross-referenced.
What stands out among this particular set of incidents is the global spread of the affected platforms. From Chinese tech giants and social media to international gaming and educational communities, the affected users come from an array of linguistic, cultural, and demographic backgrounds. This global scope increases the complexity of impact assessment. The risks may be more severe in jurisdictions with weaker data protection laws or where affected users are unlikely to be notified due to outdated contact details or lack of regulatory oversight.
Another underlying theme is the tension between the longevity of user data and the ephemerality of platform relevance. Many of these services, Renren, InterPals, even HLTV, hold legacy value for their communities, even as user engagement may fluctuate or decline. But user data, once submitted, often remains stored indefinitely. Insecure retention policies, aging infrastructure, and lack of active security maintenance all contribute to these platforms becoming targets over time.
In total, more than 21 million accounts were compromised across these platforms. The variety of data types involved means that even if no financial information was directly leaked, the potential for identity compromise, phishing, and social engineering remains high. These breaches underscore the necessity of examining platforms not just for their present popularity, but for their role in users’ digital history and identity management over time.
