Duowan.com Breach: 1M Chinese Gaming Accounts Exposed in 2011

HEROIC's DarkHive intelligence system identified the Duowan.com data breach, exposing 1,004,104 user records from a major Chinese gaming portal. The breach occured in approximately 2011 and compromised email addresses, usernames, and passwords stored in both MD5 hash format and plaintext. The combination of hashed and plaintext passwords in a single breach means some users had essentially no protection while others had only weak MD5 hashing that modern tools can crack within hours.

Why This Is Dangerous

Duowan.com was a significant gaming community platform in China, attracting millions of players. The exposure of over one million credentials from this platform is dangerous because thier email and password combinations are immediately testable across gaming services, payment platforms, and email providers worldwide. Plaintext passwords in the dataset require no effort to exploit, while the MD5-hashed passwords are trivially cracked by modern GPU-based cracking tools. Both password formats effectively give attackers direct access to victims' other accounts if password reuse occured.

What Was Exposed

• Email addresses
• Usernames
• Password hashes (MD5)
• Plaintext passwords

Why This Matters

Over one million compromised gaming credentials from a single Chinese platform create a substantial attack resource for credential stuffing campaigns. Duowan users who shared the same password across gaming platforms, email accounts, or e-commerce sites remained at direct risk from the moment the breach data circulated. The presence of both hashed and plaintext passwords in the same database suggests thier security implementation was inconsistent, with some accounts protected minimally and others not at all. This breach data has been incorporated into large-scale credential stuffing tools used against global gaming platforms including Steam and other major services.

How Database Breaches Work

Chinese gaming portals of the early 2010s handled enormous user volumes with security infrastructure that often lagged behind Western platforms. Database extraction attacks exploiting SQL injection vulnerabilities, compromised administrative accounts, or insecure API endpoints could yield millions of records in a single operation. The inconsistent password storage at Duowan, mixing MD5 hashes with plaintext, suggests different components of the platform had different security implementations. This is common in rapidly scaled applications where seperate development teams worked on different parts of the codebase without consistent security standards.

Check If You Are Affected

HEROIC offers a free identity scanner that searches over 400 billion records to determine whether your email address appeared in the Duowan.com breach or other known data incidents. If you played Chinese online games in 2011 and registered on duowan.com, your credentials may be actively used in credential stuffing attacks against your other accounts today. Visit heroic.com to scan your identity free and take action to protect your accounts.