A plaintext credential dump from ys168.com, a Chinese file-hosting service, is being shared on BreachForums. The archive contains around 657,000 records of usernames, plaintext passwords, and email addresses, with email providers heavily skewed toward Chinese services like 163.com, 21cn.com, sina.com, sohu.com, and qq.com.
The data appears to predate modern password-storage practice. Passwords are stored in cleartext rather than as hashes, which is consistent with the engineering norms of mid-2000s Chinese consumer web platforms. Many of the QQ-number-style account identifiers in the dataset suggest a user cohort that signed up between roughly 2006 and 2012.
Why this matters outside China
Credential-stuffing operations are global by default, and a clean list of email-and-plaintext-password pairs from any national market gets immediate use against international services. QQ-number-derived email accounts are particularly portable because the QQ ID is also commonly used as the username on other platforms.
If you held a ys168.com account and the password you used on it is still in rotation anywhere else, retire it now.