Hjedd, a Chinese-language adult content and NSFW social platform, was found in July 2022 to be operating an unsecured ElasticSearch database that exposed personal information for over 14 million users. Independent security researcher Anurag Sen discovered the exposed server via Shodan and confirmed that no authentication was required to access the data, which totaled more than 24 gigabytes of records. Sen disclosed the issue to Hjedd on multiple occasions, but the platform did not respond or secure the server, and the database continued to update with newly registered users' data while remaining publicly accessible. Cybercriminals subsequently posted a downloadable copy of the dataset, containing approximately 13.4 million unique user accounts, on a hacker forum.

The breach affected approximately 13.4 million users in the publicly distributed dataset and over 14 million users in the broader exposed database. Compromised fields included usernames, nicknames, email addresses, phone numbers, member profile details, user comments, login IP addresses, bcrypt-hashed passwords, and direct messages exchanged between users. The exposure of direct messages is particularly consequential because these messages contain private communications about adult-content interests, sexual preferences, and arrangements between users.

For affected users, the practical risk profile is unusually severe because of the platform's adult-content context and the inclusion of direct messages. The combination of email address, IP address, and bcrypt-hashed password creates credential-stuffing and account-takeover risk on other platforms where users may have reused the same credentials. More distinctively, inclusion in the dataset confirms an adult-content-platform relationship and may include private messages that explicitly describe the user's sexual interests, partners, or arrangements. This creates substantial extortion risk, in which attackers threaten to disclose the user's account or message history to family members, employers, or social networks unless ransom payments are made. Affected users who receive extortion attempts should not pay ransom demands, as payment does not stop further extortion and may invite additional attempts. Users should change passwords on any other accounts where the same password was reused, enable two-factor authentication where available, document all extortion communications, and report extortion attempts to law enforcement. Users should also be aware that bcrypt password hashes can be cracked over time as computing capacity increases.

Adult social and content platforms collect highly sensitive account identifiers, emails, usernames, passwords, IP addresses, and usage activity tied to explicit-content participation.

Independent security researcher Anurag Sen discovered the unsecured Hjedd database via Shodan in July 2022 and documented that the server was publicly accessible without authentication. Sen disclosed the issue to Hjedd on multiple occasions, but the platform did not respond or secure the server. The database remained exposed for an extended period, during which it continued to update with newly registered users' data. Cybercriminals discovered the exposure independently and posted a free download of the Hjedd database on a hacker forum that had emerged as an alternative to the seized RaidForums. Have I Been Pwned indexed the breach in October 2023 and DataBreach.com indexed it in February 2025. The case has been widely cited in security research as an example of misconfigured ElasticSearch exposures and unresponsive vendor remediation.