Creaders Column Breach: 45K Overseas Chinese Community Accounts Exposed
DarkHive discovered a data breach affecting Creaders Column, a Canada-based column and essay platform serving the overseas Chinese community operating at column.creaders.net. The breach exposed 45,937 user records and was dated March 14, 2018. Leaked data included email addresses and passwords stored using an inconsistent mix of bcrypt and MD5 hashing. The mixed password storage indicates uneven security implementation on the platform, with MD5-hashed accounts particulary vulnerable to rapid cracking attacks.
Why This Is Dangerous
The presence of MD5 hashes alongside bcrypt in this breach means a significant portion of affected accounts are immediately vulnerable to GPU-accelerated password cracking. Overseas Chinese community members frequently maintain accounts across Chinese social media platforms, messaging apps like WeChat, and regional news and community sites where the same email and password combination is reused. Once MD5 passwords are cracked, attackers can test them against these platforms and any other service where the same credentials were used.
What Was Exposed
- Email addresses
- Passwords (mixed hashing: bcrypt and MD5)
Why This Matters
With nearly 46,000 records exposed, this breach represents a substantial data loss from a Chinese diaspora community platform. MD5-hashed passwords in this breach remain crackable with modern tools, meaning affected users who have not changed thier passwords since 2018 remain at risk today. Credential stuffing attacks powered by this breach can target Chinese-language platforms, email providers, and social media networks. The breach data has circulated in combolists targeting the overseas Chinese community and has been observed in credential trading channels since the incident occured.
How Database Breach Works
In a database breach, attackers exploit vulnerabilities in web application code, CMS plugins, or server configurations to extract stored user records. Community news and essay platforms serving diaspora communities often rely on legacy CMS infrastructure with infrequent security updates, making them particulary susceptible to exploitation. Once extracted, the MD5-hashed passwords are cracked using Hashcat and similar tools at billions of hashes per second. The recovered credentials are compiled into Chinese-community-focused combolists and tested against Chinese-language platforms and social media services in automated stuffing campaigns.
Check If You Are Affected
HEROIC offers a free identity scanner that checks your email address against thousands of known breach databases, including overseas Chinese community platform leaks like Creaders Column. If your credentials were exposed, you will recieve an alert with guidance on which accounts to secure immediately. Visit heroic.com to scan your email for free and protect your online accounts from credential-based attacks linked to this breach.
Breach Breakdown
45,937 passwords exposed. Is yours one of them?
Enter your email to scan this breach plus 400B+ other leaked records. If you're compromised, we'll show you exactly where and what to change.
Free forever · No account required · Results in seconds