Hjedd 2022 Data Breach

Hjedd Chinese Adult Content Platform Breach (2022): 13 Million User Accounts Including Passwords Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

n/a (researcher disclosure - Anurag Sen) · Misconfiguration · Adult · Email Address · IP Address · Password · Username
High Severity · Website / service breach

Chinese adult content platform

Verified by ObscureIQ Intelligence
Breach Risk Index: 65/100
Data Value: 25
Market Recency: 25
Since Breach: 446d

Breach Intelligence Summary

Entity: Hjedd · Actor: n/a (researcher disclosure - Anurag Sen) · Sources: 4 references
Attack: Misconfiguration
Profile: Platform · Adult content and social interaction · Account-based content platform · Global
Timeline: Breach (2022-07-18) · Indexed (Feb 05, 2025) · Year (2022)
Exposure: 13.4M records · 4 fields: Email Address, IP Address, Password, Username
Status: Confirmed

Executive Summary

Hjedd, a Chinese-language adult content and NSFW social platform, was found in July 2022 to be operating an unsecured ElasticSearch database that exposed personal information for over 14 million users. Independent security researcher Anurag Sen discovered the exposed server via Shodan and confirmed that no authentication was required to access the data, which totaled more than 24 gigabytes of records. Sen disclosed the issue to Hjedd on multiple occasions, but the platform did not respond or secure the server, and the database continued to update with newly registered users' data while remaining publicly accessible. Cybercriminals subsequently posted a downloadable copy of the dataset, containing approximately 13.4 million unique user accounts, on a hacker forum.

The breach affected approximately 13.4 million users in the publicly distributed dataset and over 14 million users in the broader exposed database. Compromised fields included usernames, nicknames, email addresses, phone numbers, member profile details, user comments, login IP addresses, bcrypt-hashed passwords, and direct messages exchanged between users. The exposure of direct messages is particularly consequential because these messages contain private communications about adult-content interests, sexual preferences, and arrangements between users.

For affected users, the practical risk profile is unusually severe because of the platform's adult-content context and the inclusion of direct messages. The combination of email address, IP address, and bcrypt-hashed password creates credential-stuffing and account-takeover risk on other platforms where users may have reused the same credentials. More distinctively, inclusion in the dataset confirms an adult-content-platform relationship and may include private messages that explicitly describe the user's sexual interests, partners, or arrangements. This creates substantial extortion risk, in which attackers threaten to disclose the user's account or message history to family members, employers, or social networks unless ransom payments are made.

Affected users who receive extortion attempts should not pay ransom demands, as payment does not stop further extortion and may invite additional attempts. Users should change passwords on any other accounts where the same password was reused, enable two-factor authentication where available, document all extortion communications, and report extortion attempts to law enforcement. Users should also be aware that bcrypt password hashes can be cracked over time as computing capacity increases.

ObscureIQ assessment: Extremely sensitive. Exposure enables extortion, harassment, reputational harm, and identity linkage, while IP and credential data increase the risk of tracking and account compromise.

Breach Impact

The institutional impact on Hjedd is difficult to assess given the platform's limited public profile and apparent unresponsiveness to disclosure. The platform did not issue a public statement, did not notify affected users, and reportedly did not secure the database in response to repeated researcher disclosure. Chinese regulatory authorities have not publicly announced enforcement action, and Hjedd faces no apparent civil litigation. Operationally, however, the breach exposed the platform's lack of basic security controls and continued operation of an unsecured database for an extended period, raising questions about user trust and ongoing data protection.

About Hjedd

Hjedd was a Chinese-language adult content and NSFW (not safe for work) social platform with a substantial user base. The platform combined adult content distribution, user-generated content, account-based social features including direct messaging between users, and forum-style interaction. As an adult content platform of significant scale, Hjedd maintained user account identifiers, email addresses, usernames, login credentials, IP addresses, mobile phone numbers, member profile details, user comments, and direct messages exchanged between users. The platform's user base was concentrated in Chinese-speaking regions but registration was not geographically restricted.

Why They Hold Your Data

Adult social and content platforms collect highly sensitive account identifiers, emails, usernames, passwords, IP addresses, and usage activity tied to explicit-content participation.

Recent Developments

Independent security researcher Anurag Sen discovered the unsecured Hjedd database via Shodan in July 2022 and documented that the server was publicly accessible without authentication. Sen disclosed the issue to Hjedd on multiple occasions, but the platform did not respond or secure the server. The database remained exposed for an extended period, during which it continued to update with newly registered users' data. Cybercriminals discovered the exposure independently and posted a free download of the Hjedd database on a hacker forum that had emerged as an alternative to the seized RaidForums. Have I Been Pwned indexed the breach in October 2023 and DataBreach.com indexed it in February 2025. The case has been widely cited in security research as an example of misconfigured ElasticSearch exposures and unresponsive vendor remediation.

Data Points Exposed

4 verified field types:
  • Email Address
  • IP Address
  • Password (Critical)
  • Username

Exploitation & Downstream Threats

Threat Activity: High
Primary downstream threats:
  • Credential stuffing against reused passwords across other platforms
  • Targeted phishing campaigns using exposed email addresses
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Geolocation & account flagging
  • Credential stuffing & account takeover
  • Cross-platform tracking & credential stuffing

Threat Actor: n/a (researcher disclosure - Anurag Sen)

Attribution and method are based on available breach intelligence. Reported attack vector: Misconfiguration.

Recommended Actions

If you believe your information may be included:

  • Change Reused Passwords: Update this account and anywhere you reused the password; use a password manager.
  • Enable MFA Everywhere: Turn on multi-factor authentication on email first, then financial accounts.
  • Report & Recover: If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Hjedd breach?

Hjedd, a Chinese-language adult content and NSFW social platform, was found in July 2022 to be operating an unsecured ElasticSearch database that exposed personal information for over 14 million users. Independent security researcher Anurag Sen discovered the exposed server via Shodan and confirmed…

What data was exposed?

Verified fields include Email Address, IP Address, Password, Username.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

  • DataBreach.com (Breach Index): Record & field corroboration
  • Have I Been Pwned (Breach Index): Record & field corroboration
  • Dehashed (Cross-source): Independent catalogue listing
  • ObscureIQ proprietary analysis (ObscureIQ Intelligence): Risk Index scoring & downstream-threat assessment
