Chinese e-commerce company.
A JD.com breach dating to 2013 exposed roughly 141.6 million accounts (about 77 million unique email addresses), with the data surfacing for trade in 2016. Exposed data included email addresses, usernames, phone numbers, and passwords stored as SHA-1 hashes. JD.com attributed the compromise to an Apache Struts 2 vulnerability.
ObscureIQ assessment: High risk of fraud, phishing, and account takeover. Large datasets enable mass targeting and behavioral profiling.
The pairing of phone numbers with email and crackable SHA-1 credentials at massive scale supports credential stuffing, SMS phishing, and large-scale account-takeover attempts against Chinese consumers.
JD.com (Jingdong) is one of China’s largest e-commerce companies, operating a major online retail and logistics platform serving hundreds of millions of customers.
Large-scale e-commerce platforms collect customer identity, contact data, payment information, order history, and logistics records across integrated retail ecosystems.
JD.com apologized in 2016 when data traced to the incident began circulating. The company attributed the breach to a vulnerability in the Apache Struts 2 framework.
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
If you believe your information may be included:
A JD.com breach dating to 2013 exposed roughly 141.6 million accounts (about 77 million unique email addresses), with the data surfacing for trade in 2016. Exposed data included email addresses, usernames, phone numbers, and passwords stored as SHA-1 hashes. JD.com attributed the compromise to an…
Verified fields include Email Address, Password, Phone Number, Username.
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Every claim on this page is traceable. This breach draws on:
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation