ShellCodeX Breach Report
JD Data Breach
jd.com
Verified breach
Passwords exposed
Accounts exposed
77,449,341
Breach date
01 Jan 2013
Added to tracker
02 Jun 2021
Data classes
4
What happened
In 2013 (exact date unknown), the Chinese e-commerce service JD suffered a data breach that exposed 13GB of data containing 77 million unique email addresses. The data also included usernames, phone numbers and passwords stored as SHA-1 hashes.
Exposed data
Email addresses
Passwords
Phone numbers
Usernames
Recommended actions
- Change your JD password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing JD โ attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP