Tencent Denies Massive Data Leak of 1.4 Billion QQ Accounts

The company states that the 1.4 billion user accounts from its QQ platform, which were leaked, originated from previous leaks that are now considered outdated.

By Marco Rizal - Editor, Journalist 4 Min Read
Share this post?
Share this post?

The company states that the 1.4 billion user accounts from its QQ platform, which were leaked, originated from previous leaks that are now considered outdated.

Tencent, one of China’s largest technology companies, is currently facing a major controversy due to allegations of a massive data leak involving 1.4 billion user accounts from its QQ platform.

The leaked information contains sensitive data like emails, phone numbers, and QQ IDs. Although Tencent has strongly denied any breach, there is evidence that indicates a potential connection to the infamous “Mother of All Breaches” (MOAB).

According to reports, a certain individual known as “Fenice” is believed to be responsible for the data leak.

This person has apparently leaked a staggering 1.4 billion user accounts on an underground forum.

Reports indicate that the leaked data is quite significant, with a compressed size of 44 GB and expanding to 500 GB when uncompressed.

Tencent Breach
1.4 billion records shared by threat actor “Fenice” on a dark web forum

The data contains comprehensive user information in JSON format, including emails, mobile numbers, and QQ IDs.

Based on the timestamps and storage paths, it seems that the data was processed quite recently, specifically around May 9, 2023.

The said hacker has a history of dealing with significant breaches. In August 2024, they exposed almost 3 billion records from the background lookup platform National Public Data.

These records included social security numbers (SSNs) in plain text. The National Public Data leak and the alleged Tencent leak have raised significant concern and scrutiny within the cybersecurity community due to their striking similarities.

Tencent has quickly and clearly responded to the allegations. The company has firmly denied any occurrence of a breach, dismissing the claims as baseless rumors.

Tencent’s security team has stated that the data in question is not new and has been manipulated to give the false impression of a recent breach.

The company has repeatedly addressed and refuted similar allegations that have arisen in the past.

They calmly assured users that their systems had not been accessed without authorization and advised the public to be cautious of what they believed to be false information.

Although Tencent has vehemently denied it, there are certain pieces of evidence that cast doubt on the company’s assertions.

It has been discovered that the data leaked by Fenice is connected to the “Mother of All Breaches” (MOAB), a significant data leak that was exposed in January 2024.

The data that was leaked from MOAB contains records from well-known platforms like LinkedIn, MySpace, Twitter, and Adobe, as well as popular Chinese social media giants such as Weibo and Badoo.

It is worth noting that MOAB is said to contain 1.5 billion records from Tencent, which closely matches the reported 1.4 billion QQ accounts leaked by Fenice.

The potential exposure of 1.4 billion QQ accounts is concerning, not only because of the large number of affected users but also because of the sensitive data involved.

Leave a comment