Chinese Adult Site Leaking 14 Million User Details – and It’s Increasing!

So far, the platform has leaked more than 14 million user accounts with more than 24 GB worth of files. The server is updating itself with new information every second.

Hjedd, an infamous Chinese adult content and NSFW platform has been exposing a treasure trove of user data online since at least July 2022. This was discovered by independent security researcher Anurag Sen who confirmed to that the server is still exposed and publicly accessible without any security authentication or password.

For your information, a database or server exposed without security authentication means anyone with a slight bit of knowledge about finding unsecured databases on Shodan and other such platforms can have complete access to Hjedd’s user data.

According to Sen and as seen by, the exposed data includes the following:

  • Usernames
  • Nicknames
  • Phone Numbers
  • Member Details
  • Users’ Comments
  • Email Addresses
  • Bcrypt Hashed Passwords
  • Login Ip address and details
  • Messages between Users revealing Private contents
Screengrab: Anurag Sen (

At the time of writing, can confirm that the leaky server comprises details of over 14 million users with more than 24 GB worth of records.

What’s worse, the data is frequently updated with details of new and already registered users.

The screenshot shows the size of data currently being exposed by the site – Anurag Sen (

Damage is Already Done

Sen alerted Hjedd on several occasions but the company has so far failed to respond or secure its server. However, can confirm that cybercriminals have already found their way to the server and leaked the database (apparently with 13.4 million users’ accounts) on a hacker forum that surfaced as an alternative to popular and now-seized Raidforums.


Potential Threat

According to the researcher, the information stored in this database is vulnerable to spam marketing and phishing campaigns. Leaving information like username, email, and Mobile number.

Also, its effects may cause physical damage. It can cause revealing identities for the forum members. The leaked passwords, on the other hand, are hashed but they can be matched with encrypted hashes of the password list to find the plain text password for the accounts.

Related Posts