
Terabytes of information on billions of Chinese citizens for sale.

11 July 2022
BREACHAWARE HQ
Chinese

A total of 15 breach events were found and analysed, resulting in 20,982,366 exposed accounts containing a total of 17 different types of personal data. The breaches found publicly and freely available included Anime Digital Network, GBATEMP, Tutu, Nival and World of War.

Categories of Personal Data Discovered

Contact Data, Financial Data, Technical Data, Usage Data, Socio-Demographic Data, Communications Data, Social Relationships Data.

Data Breach Analysis

Notably included in this breach set was Anime Digital Network, a French anime streaming platform. Streaming services often store user profiles, billing preferences, and viewing histories, making them increasingly attractive to attackers aiming to exploit behavioural data for tailored phishing or resale on dark markets.

Also compromised was GBATEMP, a long-standing gaming forum focused on handheld console emulation and homebrew software. Forums like GBATEMP typically retain usernames, hashed passwords, email addresses, and IP logs, forming a rich target set for credential stuffing and impersonation attacks.

The dataset further includes breaches from Tutu, a third-party app marketplace, Nival, a game developer known for titles like Blitzkrieg and Etherlords, and World of War, a lesser-known gaming site potentially misidentified or confused with other similarly named platforms.

Together, these platforms represent a cross-section of the gaming and entertainment ecosystem, with data likely drawn from highly active user communities. Many such communities have international followings and a history of repeat engagement, raising the risk of long-term impact from leaked credentials and account histories.

This breach cluster underscores how recreational and community-driven platforms are frequently underestimated as security targets. In practice, they often store data as sensitive as that held by commercial platforms and can serve as on-ramps for larger-scale identity theft if exploited.

With over 20 million accounts exposed and the data still publicly accessible, these incidents highlight the persistent risk posed by under-secured platforms in the entertainment sector, and the importance of user hygiene, such as password variation and account monitoring, across all digital touchpoints.

Spotlight

There seems to be a trend coming out of the People's Republic of China regarding some very large leaks. Earlier this week, we witnessed a user on a popular hacking forum selling terabytes of information on billions of Chinese citizens. More recently, a different user on the same forum has dumped the Shanghai police database from 2016. Users are reporting that once the files are unzipped and opened, the file tries to connect to a remote address, but the data is real. Suffice it to say, it hasn't been a great week for the CCP.

An international shipping company has had one of its databases from 2021 dumped online. With over 380k employees operating in most countries around the world and over 1 billion parcels delivered last year, you can see why a company of this size would be a target for threat actors. The breach included a range of personal information, including email addresses, full names, and hashed passwords.

One of the most popular Russian travel sites has also been breached, with its data dumped online. The site allows users to book flights, trains, and holidays. It has a huge user base, being ranked second in Russia for selling train tickets last year. Unfortunately for them, a very large section of their user base, possibly their whole user base, is now in circulation on a variety of hacking forums. The file has over 40 MB of data; the datasets include mobile phone numbers and full names.
