Full Report
In March 2021, the Russian online streaming service KinoKong suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 800k unique email addresses along with names, usernames, IP addresses and MD5 password hashes.
Analysis Summary
# Incident Report: KinoKong Data Breach (2021)
## Executive Summary
In March 2021, the Russian online streaming service KinoKong experienced a data breach, resulting in the exposure of data belonging to approximately 817.8 thousand users. The compromised data included email addresses, names, usernames, IP addresses, and MD5-hashed passwords. The data was later found distributed as part of a larger corpus of leaked information.
## Incident Details
- Discovery Date: Unknown (Added to HIBP on December 6, 2025, suggesting external discovery/publication)
- Incident Date: March 2021
- Affected Organization: KinoKong
- Sector: Online Streaming Service
- Geography: Russia
## Timeline of Events
### Initial Access
- Date/Time: March 2021
- Vector: Undisclosed (likely vulnerability exploitation or credential stuffing against the system storing user PII and authentication data).
- Details: Attackers successfully accessed user data stores.
### Lateral Movement
- N/A (No specifics provided in the source material.)
### Data Exfiltration/Impact
- March 2021: Over 800,000 records containing sensitive user data were extracted.
### Detection & Response
- Detection Date: Outside scope of initial reporting, but the data appeared publicly months/years later, aggregated in a larger breach corpus in December 2025.
- Response actions taken: Not explicitly detailed. Public summaries focus on user remediation advice (password change, 2FA).
## Attack Methodology
*Note: The source material does not provide technical details on the TTPs used, so the breakdown is based on the outcome.*
- Initial Access: Undisclosed system compromise.
- Persistence: Unknown.
- Privilege Escalation: Unknown.
- Defense Evasion: Unknown.
- Credential Access: N/A (Password hashes were directly exfiltrated).
- Discovery: Unknown.
- Lateral Movement: Unknown.
- Collection: Direct database access or export of user records.
- Exfiltration: Data was successfully removed from the environment and later redistributed publicly.
- Impact: Data theft.
## Impact Assessment
- Financial: Not disclosed.
- Data Breach: Exposure of 817.8 thousand user records, including:
  - Email addresses
  - Names
  - Usernames
  - IP addresses
  - MD5 password hashes
- Operational: Not disclosed; assumed minimal external impact beyond data loss.
- Reputational: Negative impact on user trust due to the handling and subsequent public leakage of PII.
## Indicators of Compromise
- N/A. Specific network artifacts or filenames were not documented in the provided summary. The primary IOC is the dataset itself.
## Response Actions
Response actions taken by KinoKong are not detailed. Remediation recommendations provided to the public focused on user behavior:
- Changing passwords immediately across all platforms where the compromised credentials were used.
- Enabling Two-Factor Authentication (2FA).
## Lessons Learned
- **Hashing Strength:** The use of MD5 for password hashing is significantly outdated and provides minimal security against modern cracking techniques, accelerating the damage caused by the breach.
- **Data Minimization:** The organization stored unnecessary personal identifiers (names, IP addresses) alongside authentication material.
## Recommendations
- Immediately retire MD5 hashing for password storage in favor of modern, salted, adaptive functions (e.g., Argon2, bcrypt, scrypt).
- Implement rigorous access controls and monitoring on databases containing Personally Identifiable Information (PII) and authentication data.
- Conduct regular security audits focused on data storage and exfiltration vectors to prevent data aggregation and leakage.
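
One way to carry out the first recommendation without waiting for every user to log in, as an added example (not code from KinoKong or from the source report): existing MD5 digests are wrapped in scrypt immediately, then replaced with a pure scrypt hash at the next successful login. It assumes the legacy column holds unsalted hex MD5 digests; the record format, function names and work factors are hypothetical.

```python
import hashlib
import hmac
import os

# Work factors are assumptions for this example; tune them for your hardware.
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)

# Constructed sample of a legacy row (unsalted hex MD5 is an assumption).
SAMPLE_LEGACY_ROW = hashlib.md5(b"correct horse").hexdigest()

def _scrypt(secret: bytes, salt: bytes) -> bytes:
    return hashlib.scrypt(secret, salt=salt, **SCRYPT_PARAMS)

def wrap_legacy(md5_hex: str) -> str:
    """Upgrade a stored MD5 digest at rest, without knowing the password."""
    salt = os.urandom(16)
    digest = _scrypt(md5_hex.lower().encode(), salt)
    return f"scrypt-md5${salt.hex()}${digest.hex()}"

def hash_password(password: str) -> str:
    """Target format: salted scrypt over the password itself."""
    salt = os.urandom(16)
    return f"scrypt${salt.hex()}${_scrypt(password.encode(), salt).hex()}"

def verify_and_upgrade(password: str, stored: str):
    """Return (ok, new_record). new_record is set when the row should be rewritten."""
    parts = stored.split("$")
    if len(parts) != 3:
        return False, None  # bare MD5 rows are rejected until they are wrapped
    scheme, salt_hex, digest_hex = parts
    if scheme == "scrypt-md5":
        # Recreate the legacy digest, then apply the scrypt wrapper to it.
        secret = hashlib.md5(password.encode()).hexdigest().encode()
    elif scheme == "scrypt":
        secret = password.encode()
    else:
        return False, None
    candidate = _scrypt(secret, bytes.fromhex(salt_hex))
    ok = hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    if ok and scheme == "scrypt-md5":
        return True, hash_password(password)  # drop the MD5 layer at login
    return ok, None
```

After the batch wrap, the raw MD5 column should be deleted so that a later copy of the table contains only salted scrypt output.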