Chinese short-video platform Kuaishou Technology saw its shares fall sharply after the company confirmed a cyberattack that briefly disrupted its livestreaming services, exposed users to inappropriate content, and rattled investor confidence. The Kuaishou cyberattack, which occurred late on Monday night, triggered the stock’s steepest single-day decline in more than two months and pushed it to its lowest level since late November.
Shares of Hong Kong-listed Kuaishou Technology (HK:1024) fell by as much as 6% on Tuesday, dropping to HK$62.70 (approximately $8.06). This marked the company’s lowest share price since November 21 and represented its largest one-day percentage decline since October 14. The stock also emerged as the biggest decliner on the Hang Seng Tech Index, which itself fell about 0.5% on the day.
Market reaction followed confirmation of a cyberattack on Kuaishou that disrupted its livestreaming function. As one of China’s largest short-video platforms and a close competitor to Douyin, the Chinese version of TikTok, Kuaishou’s performance is closely watched by investors. The sudden service disruption and reports of exposed content raised concerns about platform security and operational resilience.
Kuaishou Cyberattack Timeline
According to a company announcement issued on December 23, 2025, the Kuaishou cyberattack occurred at around 10:00 p.m. local time (14:00 GMT) on December 22, 2025. Cyberthreat actors targeted the live-streaming function of the Kuaishou app, temporarily interrupting services and exposing users to content described by some users as explicit and violent. Several reports characterized the incident as “unprecedented” for the platform.
Kuaishou stated that it activated its emergency response plan immediately after detecting the cyberattack on Kuaishou.
Following system repairs and restoration efforts, livestreaming services gradually resumed normal operations. The company noted that other services on the Kuaishou app were not affected by the incident, although some livestreaming functions continued to experience limited disruption during the recovery phase.
Company Response and Legal Actions
In its press release, Kuaishou Technology said it had reported the incident to the police and relevant authorities and was pursuing further legal remedies. The company stated that it strongly condemns illegal and criminal activities linked to underground and gray industries and reiterated its opposition to any form of unlawful or harmful content.
Kuaishou also said it remains committed to operating in compliance with applicable laws and regulations and to safeguarding the interests of the company and its shareholders. While livestreaming services have largely returned to normal, the cyberattack on Kuaishou highlighted the operational and reputational risks associated with large-scale social and live-commerce platforms.
Broader Security Concerns and Prior Data Leak Claims
The recent cyberattack on Kuaishou has drawn renewed attention to earlier cybersecurity allegations involving the platform. In September, a threat actor on a known cybercrime forum claimed to have leaked order data allegedly stolen from Kuaishou. According to that claim, an attacker compromised a live broadcast room and used the access to place around 10,000 fraudulent orders for non-refundable virtual goods.
The data allegedly leaked included usernames, phone numbers, addresses, and order details of affected users. If accurate, the incident would represent a multi-layered security breach involving unauthorized access, financial fraud, and the exposure of personally identifiable information.
Implications for Platform Security
The December livestreaming Kuaishou cyberattack shows how attacks on social video and live-commerce platforms can quickly extend beyond service disruption to include content abuse, fraud, and potential data exposure, with immediate financial and regulatory impact.
As Kuaishou works to restore stability and address security gaps, the incident stresses the need for early threat detection, rapid investigation, and continuous monitoring of underground activity.
Cyble supports this need through AI-powered threat intelligence that tracks dark web and cybercrime signals, correlates indicators of compromise, and enables faster response.
Security teams can assess their exposure and book a personalized demo to better anticipate and mitigate similar attacks.
