Cyber Incident Victim: Sohu, Inc.
Date: Oct 2015
Location: China
Summary
A hacker known as DoubleFlag compromised Sohu, Inc., stealing approximately 23.4 million user accounts from its Sohu.com domain and its subsidiary search engine Sogou, and subsequently offered the data for sale on the dark web alongside credentials from multiple other Chinese and Asian internet firms, including NetEase, Tencent, and Sina. This collective breach, marketed as "The Big Asian Leak," encompassed over a billion accounts across various platforms, with the entire dataset priced at approximately $800 in Bitcoin, and posed significant privacy and credential-reuse risks to the affected users. The incident impacted several major service providers spanning email, social media, gaming, and web portals.
Description
In January 2017, a dark web entity using the alias "DoubleFlag" listed for sale a massive trove of stolen user accounts collectively branded as "The Big Asian Leak," impacting multiple Chinese and South Korean internet companies. The compromised entities included Sohu, Inc., alongside NetEase subsidiaries (126.com, 163.com, Yeah.net, 163.net), Tencent's QQ.com, Sina Corporation's Sina.com/Sina.com.cn, TOM Group's Tom.com, Letter Network Information Technology's eYou.com, and SK Communications' Nate.com. Sohu, identified as a Chinese internet company providing search engine services, advertising, online gaming, and the official website for the 2008 Beijing Olympics, suffered a breach exposing 23,198,610 user accounts from its primary domain Sohu.com. Additionally, DoubleFlag offered 236,169 accounts from Sogou.com, Sohu's search engine subsidiary founded in 2010. The broader leak encompassed over 1.5 billion accounts across all listed entities, with NetEase subsidiaries constituting the largest portion (over 1.2 billion accounts from 163.com and 126.com).

The attacker advertised the entire dataset, including Sohu's compromised credentials, for 0.8873 Bitcoin (approximately $800 at the time) on dark web marketplaces. The listing also included auxiliary data purportedly stolen from Yahoo Japan, Yahoo China, Yahoo Taiwan, Gmail, Hotmail, MSN, and Live accounts, though these were not linked to Sohu. No specific breach methodology or intrusion timeline for Sohu was disclosed in the listing. Experian, which the source article mentions only in connection with unrelated breach denials, had no stated connection to the Sohu incident. The sale posed significant credential-stuffing and identity theft risks to Sohu users, particularly given the company's diverse service portfolio, since a password reused across those services could be exploited anywhere it was valid. The incident highlighted systemic weaknesses across major Asian internet platforms, with Sohu's compromised accounts representing a substantial segment of the overall leak.
