AcFun Data Breach Exposes Millions – How to Safeguard Your Account

On the early morning of June 13 (Beijing time), AcFun announced that its site had been hacked, resulting in the leakage of nearly ten million user records. The company urged users who have not logged in since July 7, 2017 or who use weak passwords to change them promptly, and advised anyone reusing the same password on other sites to do the same.

AcFun clarified that the leaked data includes user IDs, nicknames and passwords stored in encrypted form; no plaintext passwords were exposed. Passwords for users who logged in after July 7, 2017 have already been upgraded to a stronger encryption scheme, but users with simple passwords should still change them quickly.

Dark Web Already Selling the Data

According to reliable sources, as early as March this year, a dark‑web forum began openly selling first‑hand AcFun user data, up to 8 million records, at roughly one yuan for 800 entries.

Before AcFun issued its breach notice, the dark web also had sellers offering the site’s shell and internal network access, highlighting the large data volume and high daily traffic as selling points.

In recent months AcFun has experienced financial turbulence, and after its recent acquisition by Kuaishou, the breach raised questions about possible undisclosed causes.

Users Should Change Their Passwords Immediately

The risks of password leakage are well known: attackers can view all personal information on the site, including favorite video IDs, and may add the data to credential‑stuffing databases to compromise accounts on other services, leading to phishing attacks and potential financial loss.

Similar incidents have occurred on other major Chinese video platforms, suggesting that highly active user bases are attractive targets for attackers.

In short, users are urged to change their passwords without delay.