What happened
According to public breach records, the Youku data breach on December 1, 2016 is reported to have exposed the personal information of 91,890,110 accounts.
In late 2016, the online Chinese video service Youku suffered a data breach. The incident exposed 92 million unique user accounts and corresponding MD5 password hashes. The data was contributed to Have I Been Pwned courtesy of rip@creep.im.
Passwords in this breach were reportedly stored as MD5 hashes.
In late 2016, the Chinese video-streaming service Youku (owned by Alibaba) suffered a data breach that exposed roughly 92 million unique user accounts, comprising email addresses and passwords stored as weak MD5 hashes. The dataset surfaced publicly in April 2017, when a dark-web seller using the handle "CosmicDark" advertised the records for sale at about $300 (roughly 0.2559 BTC), claiming the MD5/SHA1-hashed passwords had been cracked. The breach was contributed to Have I Been Pwned in April 2017, which catalogued it at 92 million accounts.
What data was exposed
The following types of personal data were compromised:
- Email addresses
- Passwords
Breach details
| Detail | Value |
|---|---|
| Breach name | Youku |
| Date | December 1, 2016 |
| Accounts affected | 91,890,110 |
| Domain | youku.com |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by Youku; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- If you reused your Youku password on any other account, change it everywhere immediately — the passwords were stored as weak MD5 hashes that are trivially cracked, so treat the original password as fully exposed.
- Enable two-factor authentication on any important accounts that shared this email-and-password combination.
- Watch the exposed email address for phishing and credential-stuffing attempts, since these records circulated on dark-web marketplaces.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- Have I Been Pwned: Youku Data Breach
- Chinese Video Service Giant Youku Hacked; Accounts Sold on Dark Web
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →