NetEase
  • Total Records287,898,957
  • Unique Emails225,590,303
  • Unique Email Providers1,187,338
  • Unique Passwords97,230,226
  • Unique Usernames22,770,350

NetEase Data Breach: 287 Million Email Accounts Exposed

The NetEase data breach stands out as one of the largest exposures of email credentials on record, with close to 288 million user accounts impacted. NetEase, widely known for its popular email services accessible through domains like 163.com and 126.com, suffered a breach that led to the leak of both email addresses and passwords. While exact details around the original attack remain debated, this incident represents a massive blow, as leaked credentials from some of China’s most-used email providers were soon circulating in underground markets, affecting millions of everyday users and professionals alike.

What Happened in the NetEase Email Data Breach?

The breach saw unauthorized access to account information tied to NetEase’s email services. Data included email addresses and corresponding account passwords for users registered on the 163.com and 126.com email domains. This sensitive information was subsequently distributed online, drastically increasing risks of credential reuse and further attacks targeting affected users.

When Did the NetEase Data Breach Occur?

The data breach is attributed to leaks traced as far back as 1900 due to reporting inconsistencies, but user records began surfacing on the underground market during the 2010s. The exact timeline of the breach discovery and leak is difficult to pin down given the age and the size of the dataset, but it quickly gained attention once the sheer number of exposed accounts became apparent.

Scope and Impact of the Breach

Approximately 287,898,958 email accounts were compromised in this breach. Both personal and business users relying on NetEase's 163.com and 126.com services found their account details exposed online. The magnitude of this incident placed it among the largest email credential breaches publicly known. Given the popularity of NetEase in China and beyond, the breach raised significant concerns about potential risks of phishing, account hijacking, and credential stuffing.

What Data Was Exposed?

  • Email addresses — Associated with 163.com and 126.com NetEase accounts.
  • Passwords — Corresponding to exposed email addresses.

Timeline of Key Events

  • Breach window: While the official breach date is unclear, most records originate from the early to mid-2010s, with leaks surfacing in online forums and marketplaces soon after.
  • Public circulation: The data set was widely spread across underground channels, often used for credential stuffing attacks and spam campaigns.

Frequently Asked Questions

How many users were affected in the NetEase data breach?

Approximately 287,898,958 NetEase users from 163.com and 126.com email services had email addresses and passwords exposed in this breach.

What was leaked in the NetEase data breach?

The breach exposed both email addresses and their associated account passwords primarily from NetEase’s 163.com and 126.com domains.

What happened in the NetEase data breach?

NetEase’s popular email services suffered a breach resulting in the leak of nearly 288 million user records, including credentials. The breached data appeared in online underground forums and has been circulated for use in further attacks and spamming campaigns.

How can I check if I'm in the NetEase breach?

You can check if your information was part of the NetEase breach by utilizing the DeHashed search engine.