As the year-end approaches, Kuaishou suffered a severe cybersecurity incident.


On the evening of December 22, numerous users reported on social media that Kuaishou Live was flooded with a large volume of pornographic content, with some live streams reaching viewer counts as high as 100,000 and receiving continuous virtual gifts. Around midnight, Kuaishou urgently shut down all live-streaming channels, gradually restoring services only in the early hours of the following day.

In response to the incident, Kuaishou told Lanjing Tech reporters that around 10 p.m. that night, the platform was hit by black-market cybercriminals and had immediately initiated emergency remediation measures. The company stated it firmly opposes any form of violation content, has reported the matter to relevant authorities, and filed a police report.

“This incident essentially occurred because black-market actors discovered a highly critical vulnerability in Kuaishou’s system and exploited it,” said Peng Gen, General Manager of Beijing Hanhua Feitian Xin’an Technology Co., Ltd., a firm specializing in cybersecurity products. He noted that while all systems have vulnerabilities—and patching them is routine—the key issue lies in whether a security team can proactively identify and fix such flaws during regular audits. This, he said, reflects shortcomings in Kuaishou’s day-to-day cybersecurity practices.

From a response perspective, although Kuaishou began blocking offending live streams at 10 p.m. upon detecting the attack, it failed to contain the situation, ultimately resorting to cutting off the entire live-streaming entry point at midnight. Peng Gen criticized the platform’s slow response: “This indicates Kuaishou lacks effective automated capabilities for threat analysis and incident handling, leading to prolonged response times and amplified negative impact.”

He added that disabling the entire entry point is typically a last-resort measure in cybersecurity incidents—“akin to pulling the network cable during a cyber battle out of sheer desperation. You wouldn’t do it if you had better options.”


According to a March 2025 post on Kuaishou’s official WeChat account “Kuaishou Blackboard,” the platform combats pornographic and vulgar live streams through enhanced manual monitoring and technical detection. Another November 2025 post stated that Kuaishou has continuously iterated its algorithmic identification models, reducing detection latency for certain low-quality content from minutes to seconds. Leveraging deep learning, large models, and graph computing, the platform actively identifies harmful content and malicious users, integrating dimensions such as report quality and user sentiment for comprehensive evaluation. This approach has improved both the efficiency and accuracy of report handling while enhancing model retraining. Since the beginning of 2025, Kuaishou reports a 55% year-over-year decline in low-quality live stream reports and a 28% drop in reports of Inducing tipping violations.

A cybersecurity expert from Qi An Xin Group told Lanjing Tech that this incident involved hackers using automated tools to mass-register and control bot accounts, enabling second-level publishing and rapid dissemination of violation content. Such large-scale attacks far exceed the capacity of manual moderation. Traditional human review inherently suffers from latency and, when faced with dozens of violation posts per second, often falls into a reactive cycle where bans lag behind new violations.

“Pitting humans against machines is inherently unbalanced,” Peng Gen said. “If a platform already has automated response capabilities, the real question becomes whether those systems are truly effective.”


The large-scale black-market assault on a live-streaming platform is undoubtedly a stern test of content platforms’ cybersecurity defenses—and the fallout was immediately reflected in financial markets. On December 23, Kuaishou’s Hong Kong-listed shares opened lower, falling 3.6% to HK$64.3 per share by noon.

Investors are now concerned: could similar black swan events strike other online platforms? Experts interviewed believe that unless other platforms promptly patch their vulnerabilities, they too could become targets of orchestrated attacks. What’s urgently needed is systematic vulnerability scanning capability across the industry.

Moreover, fully automated incident response represents the future direction of cybersecurity. Peng Gen explained that his company’s defense systems for clients—employing “automation + AI”—have successfully withstood sustained hacking attempts from overseas attackers between 1 a.m. and 5 a.m. He believes online platforms must transition toward automation and reduce reliance on manual monitoring.

As the year-end approaches, Kuaishou suffered a severe cybersecurity incident.


On the evening of December 22, numerous users reported on social media that Kuaishou Live was flooded with a large volume of pornographic content, with some live streams reaching viewer counts as high as 100,000 and receiving continuous virtual gifts. Around midnight, Kuaishou urgently shut down all live-streaming channels, gradually restoring services only in the early hours of the following day.

In response to the incident, Kuaishou told Lanjing Tech reporters that around 10 p.m. that night, the platform was hit by black-market cybercriminals and had immediately initiated emergency remediation measures. The company stated it firmly opposes any form of violation content, has reported the matter to relevant authorities, and filed a police report.

“This incident essentially occurred because black-market actors discovered a highly critical vulnerability in Kuaishou’s system and exploited it,” said Peng Gen, General Manager of Beijing Hanhua Feitian Xin’an Technology Co., Ltd., a firm specializing in cybersecurity products. He noted that while all systems have vulnerabilities—and patching them is routine—the key issue lies in whether a security team can proactively identify and fix such flaws during regular audits. This, he said, reflects shortcomings in Kuaishou’s day-to-day cybersecurity practices.

From a response perspective, although Kuaishou began blocking offending live streams at 10 p.m. upon detecting the attack, it failed to contain the situation, ultimately resorting to cutting off the entire live-streaming entry point at midnight. Peng Gen criticized the platform’s slow response: “This indicates Kuaishou lacks effective automated capabilities for threat analysis and incident handling, leading to prolonged response times and amplified negative impact.”

He added that disabling the entire entry point is typically a last-resort measure in cybersecurity incidents—“akin to pulling the network cable during a cyber battle out of sheer desperation. You wouldn’t do it if you had better options.”


According to a March 2025 post on Kuaishou’s official WeChat account “Kuaishou Blackboard,” the platform combats pornographic and vulgar live streams through enhanced manual monitoring and technical detection. Another November 2025 post stated that Kuaishou has continuously iterated its algorithmic identification models, reducing detection latency for certain low-quality content from minutes to seconds. Leveraging deep learning, large models, and graph computing, the platform actively identifies harmful content and malicious users, integrating dimensions such as report quality and user sentiment for comprehensive evaluation. This approach has improved both the efficiency and accuracy of report handling while enhancing model retraining. Since the beginning of 2025, Kuaishou reports a 55% year-over-year decline in low-quality live stream reports and a 28% drop in reports of Inducing tipping violations.

A cybersecurity expert from Qi An Xin Group told Lanjing Tech that this incident involved hackers using automated tools to mass-register and control bot accounts, enabling second-level publishing and rapid dissemination of violation content. Such large-scale attacks far exceed the capacity of manual moderation. Traditional human review inherently suffers from latency and, when faced with dozens of violation posts per second, often falls into a reactive cycle where bans lag behind new violations.

“Pitting humans against machines is inherently unbalanced,” Peng Gen said. “If a platform already has automated response capabilities, the real question becomes whether those systems are truly effective.”


The large-scale black-market assault on a live-streaming platform is undoubtedly a stern test of content platforms’ cybersecurity defenses—and the fallout was immediately reflected in financial markets. On December 23, Kuaishou’s Hong Kong-listed shares opened lower, falling 3.6% to HK$64.3 per share by noon.

Investors are now concerned: could similar black swan events strike other online platforms? Experts interviewed believe that unless other platforms promptly patch their vulnerabilities, they too could become targets of orchestrated attacks. What’s urgently needed is systematic vulnerability scanning capability across the industry.

Moreover, fully automated incident response represents the future direction of cybersecurity. Peng Gen explained that his company’s defense systems for clients—employing “automation + AI”—have successfully withstood sustained hacking attempts from overseas attackers between 1 a.m. and 5 a.m. He believes online platforms must transition toward automation and reduce reliance on manual monitoring.