What happened
According to public breach records, the Tianya data breach on December 26, 2011 is reported to have exposed the personal information of 29,020,808 accounts.
In December 2011, China's largest online forum known as Tianya was hacked and tens of millions of accounts were obtained by the attacker. The leaked data included names, usernames and email addresses.
In late December 2011, the Chinese online forum Tianya.cn (one of China's largest) confirmed that user data had been leaked online, posting an apology on its homepage and reporting the incident to police in Haikou; the disclosure came days after a similar leak at another Chinese site, CSDN. The published data was drawn from a backup database predating 2009, a period when Tianya stored credentials in plaintext, and the exposure included email addresses, names, and usernames across roughly 29 million accounts (early press reports cited up to 40 million). Tianya noted it had upgraded to encrypted password storage in 2010, so accounts changed after that point were better protected.
What data was exposed
The following types of personal data were compromised:
- Email addresses
- Names
- Usernames
Breach details
| Detail | Value |
|---|---|
| Breach name | Tianya |
| Date | December 26, 2011 |
| Accounts affected | 29,020,808 |
| Domain | tianya.cn |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by Tianya; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- If you ever reused your Tianya password anywhere else, change it on those accounts now and avoid reusing passwords across sites.
- Enable two-factor authentication on your email and other important accounts, since the leaked email-and-name pairs make targeted account-takeover attempts easier.
- Treat unexpected emails referencing your name or old forum activity with suspicion, as exposed name-and-email combinations are commonly used for phishing.
- Consider retiring or closely monitoring any email address tied to this old account if it still receives unusual or spam-heavy traffic.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- Have I Been Pwned: Tianya Data Breach
- Tianya, China's biggest online forum, 40 million users data leaked
- Tianya Suffers Data Breach
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →