NetEase Data Breach
NetEase Chinese Internet & Email Service Breach (2015): 259 Million User Accounts Including Passwords Exposed
Chinese internet and gaming company.
Risk Interpretation
High risk due to scale. Enables credential reuse attacks, phishing, and cross-platform identity linkage.
Impact & Downstream Threats
In October 2015 a breach of NetEase email systems was reported, with a dataset of approximately 235 million email address and plaintext password pairs subsequently circulated. NetEase denied the breach publicly, attributing leaked samples to phishing activity rather than a system compromise. The plaintext storage of passwords — if confirmed — would represent a fundamental security failure for an email service operating at this scale. Given NetEase's denial and the absence of independent forensic
- Credential stuffing against reused passwords across other platforms
- Targeted phishing campaigns using exposed email addresses
Threat Vectors
Breach Intelligence
Executive Summary
NetEase, the Chinese internet company behind the widely used 163.com and 126.com email services, was reported in 2015 to have suffered a breach affecting approximately 235 million user accounts. The compromised dataset later surfaced on dark web marketplaces, where it was offered for sale by cybercriminals. NetEase publicly denied any breach of its systems, attributing leaked credential samples to phishing activity rather than a direct compromise. The incident remains partially disputed. Cybersecurity researchers and the breach notification service Have I Been Pwned (HIBP) catalogued the dataset as unverified but legitimate, based on multiple users confirming their own credentials within the leaked data. The exposed data consisted of email addresses and plaintext passwords. Plaintext storage means passwords were recorded in readable form rather than being scrambled through cryptographic hashing, a standard security practice. If confirmed, this would represent a fundamental failure in how user credentials were protected. For affected individuals, the practical consequence is that anyone who obtained the dataset could attempt to log in to their NetEase account directly, and could try the same email and password combination across banking, social media, and other platforms where the user may have reused credentials. No formal breach notification was issued to affected users, and no regulatory action or legal proceedings arising from this incident have been publicly confirmed. NetEase's denial means affected individuals received no official warning. People who used 163.com or 126.com email services around this period and reused those passwords elsewhere should treat those credentials as compromised, change them immediately on any accounts where they were reused, and enable two-factor authentication where available.
About NetEase
NetEase is one of China's largest internet companies, operating email services under the 163.com and 126.com domains alongside online gaming, e-commerce, music streaming, and education platforms. Founded in 1997 and headquartered in Guangzhou, the company is publicly listed on Nasdaq and the Hong Kong Stock Exchange. Its email services have been among the most widely used in China for decades and represent a substantial share of Chinese consumer email infrastructure.
Why They Hold Your Data
Large internet platforms collect user identity, gaming data, email accounts, behavioral activity, and digital service usage across multi-product ecosystems.
Recent Developments
NetEase has continued expanding its gaming, education, and music businesses. Its cloud music platform NetEase Cloud Music went public on the Hong Kong Stock Exchange in 2021. The company has navigated China's broader regulatory environment for internet companies, which has included licensing scrutiny and content oversight. NetEase's game development operations remain a core revenue driver with titles distributed in international markets.
Data Points Exposed
Canonical Fields
email_address, password
Dark Web Verification
- Dataset containing ~259.8M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: 163.com-2015;NetEase Data Breach
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of NetEase
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam