NetEase 2015 Data Breach

NetEase Chinese Internet & Email Service Breach (2015): 259 Million User Accounts Including Passwords Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

MisconfigurationGamingEmail AddressPassword
Low SeverityWebsite / service breach

NetEase Chinese Internet & Email Service Breach (2015): 259 Million User Accounts Including Passwords Exposed

Chinese internet and gaming company.

Verified by ObscureIQ Intelligence
23/100Breach Risk Index
5Data Value
25Market Recency
512dSince Breach

Breach Intelligence Summary

Entity: NetEase · Actor: Unknown · Sources: 10 references
Attack: Misconfiguration
Profile: Company · Internet services and gaming · Digital entertainment and platform ecosystem · China / Global
Timeline: Breach (2015-10-19) · Indexed (Dec 01, 2024) · Year (2015)
Exposure: 259.8M records · 2 fields: Email Address, Password
Status: Unverified

Executive Summary

NetEase, the Chinese internet company behind the widely used 163.com and 126.com email services, was reported in 2015 to have suffered a breach affecting approximately 235 million user accounts. The compromised dataset later surfaced on dark web marketplaces, where it was offered for sale by cybercriminals. NetEase publicly denied any breach of its systems, attributing leaked credential samples to phishing activity rather than a direct compromise. The incident remains partially disputed. Cybersecurity researchers and the breach notification service Have I Been Pwned (HIBP) catalogued the dataset as unverified but legitimate, based on multiple users confirming their own credentials within the leaked data. The exposed data consisted of email addresses and plaintext passwords. Plaintext storage means passwords were recorded in readable form rather than being scrambled through cryptographic hashing, a standard security practice. If confirmed, this would represent a fundamental failure in how user credentials were protected. For affected individuals, the practical consequence is that anyone who obtained the dataset could attempt to log in to their NetEase account directly, and could try the same email and password combination across banking, social media, and other platforms where the user may have reused credentials. No formal breach notification was issued to affected users, and no regulatory action or legal proceedings arising from this incident have been publicly confirmed. NetEase's denial means affected individuals received no official warning. People who used 163.com or 126.com email services around this period and reused those passwords elsewhere should treat those credentials as compromised, change them immediately on any accounts where they were reused, and enable two-factor authentication where available.

ObscureIQ assessment: High risk due to scale. Enables credential reuse attacks, phishing, and cross-platform identity linkage.

Breach Impact

In October 2015 a breach of NetEase email systems was reported, with a dataset of approximately 235 million email address and plaintext password pairs subsequently circulated. NetEase denied the breach publicly, attributing leaked samples to phishing activity rather than a system compromise. The plaintext storage of passwords — if confirmed — would represent a fundamental security failure for an email service operating at this scale. Given NetEase's denial and the absence of independent forensic confirmation, the breach remains partially disputed. No formal breach notification to affected users was issued. The dataset was added to Have I Been Pwned based on external researcher verification.

About NetEase

NetEase is one of China's largest internet companies, operating email services under the 163.com and 126.com domains alongside online gaming, e-commerce, music streaming, and education platforms. Founded in 1997 and headquartered in Guangzhou, the company is publicly listed on Nasdaq and the Hong Kong Stock Exchange. Its email services have been among the most widely used in China for decades and represent a substantial share of Chinese consumer email infrastructure.

Why They Hold Your Data

Large internet platforms collect user identity, gaming data, email accounts, behavioral activity, and digital service usage across multi-product ecosystems.

Recent Developments

NetEase has continued expanding its gaming, education, and music businesses. Its cloud music platform NetEase Cloud Music went public on the Hong Kong Stock Exchange in 2021. The company has navigated China's broader regulatory environment for internet companies, which has included licensing scrutiny and content oversight. NetEase's game development operations remain a core revenue driver with titles distributed in international markets.

Data Points Exposed

2 verified field types
Email Address
Password Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Credential stuffing against reused passwords across other platforms
  • Targeted phishing campaigns using exposed email addresses
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Credential stuffing & account takeover

Recommended Actions

If you believe your information may be included:

Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Password manager guide
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the NetEase breach?

NetEase, the Chinese internet company behind the widely used 163.com and 126.com email services, was reported in 2015 to have suffered a breach affecting approximately 235 million user accounts. The compromised dataset later surfaced on dark web marketplaces, where it was offered for sale by…

What data was exposed?

Verified fields include Email Address, Password.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
Breach Index
Have I Been Pwned
Record & field corroboration
Cross-source
9ghz
Independent catalogue listing
Cross-source
BreachAware
Independent catalogue listing
Cross-source
DataViper.io
Independent catalogue listing
Cross-source
Dehashed
Independent catalogue listing
Cross-source
Keeper
Independent catalogue listing
Cross-source
Leaked.Domains
Independent catalogue listing
Cross-source
leakfind
Independent catalogue listing
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation