China’s popular short-video platform Kuaishou (known as Kwai overseas) was hit by a large-scale cyber attack launched by an overseas cybercrime syndicate around 10 PM on December 22.
A deluge of illegal and inappropriate videos flooded multiple live streaming rooms, replacing the original content and sparking widespread public discussion across China.
Kuaishou responded swiftly, emergency shutting down all live streaming channels and freezing compromised accounts. As of now, the illegal content has been removed, and services are gradually resuming. The platform has reported the incident to the police for investigation.
According to user reports, around 10:15 PM, numerous Kuaishou live rooms with no avatars or titles suddenly started playing obscene and inappropriate videos. Some streamers were even found using coded language to guide viewers to external platforms.
Many users attempted to report the violations but failed due to jammed reporting channels. E-commerce merchants preparing for live broadcasts received “function unavailable” alerts, and the “Live Streaming” entry on the platform later showed “under maintenance.”
The attack was identified as an organized criminal act. The cybercrime group used virtual phone numbers to mass-register or hijack accounts, controlling over 17,000 accounts to launch a coordinated attack.
They exploited vulnerabilities in Kuaishou’s API interfaces to disrupt the platform’s review system, launching a “saturation attack” through distributed streaming. This allowed some illegal content to remain online for 10 to 20 minutes before being taken down.
Immediately after the incident, Kuaishou activated a Level 1 emergency response. The platform moved to block the attack, fix security loopholes, and shut down all live streaming channels.
By midnight on December 23, the removal of illegal content and freezing of involved accounts were completed. At 1:36 AM, Kuaishou issued a notice confirming that some accounts had been stolen due to the overseas hacker attack, with all vulnerabilities already fixed. It added that users would receive SMS notifications to verify their accounts and change passwords.
In an official response, Kuaishou stated that it has reported the incident to regulators and filed a police report. Public security authorities in multiple regions confirmed that they have received the report and are handling the case.
The platform warned users not to click on unknown links and advised those with account abnormalities to seek help through official Kuaishou channels.
The incident exposed significant weaknesses in Kuaishou’s security defenses. Industry insiders suggested upgrading the platform’s three-tier inspection mechanism, strengthening overnight content reviews, and establishing a transparent notification system.
The hashtag “What happened to Kuaishou tonight?” trending on various social platforms. Many users expressed fears that their phones might be attacked, with some even saying they intended to uninstall the app.
Currently, Kuaishou is collaborating with cybersecurity authorities to trace the source of the attack and pursue legal liability against the perpetrators.
The platform also pledged to increase investment in security and improve its defense system. Further developments in the case will be followed closely.
This article is from a submission, please keep the link for forwarding: https://www.36ti.com/topb/1020