Technical Breakdown of Why Kuaishou Was Hacked
Within a 60‑90 minute window on Dec 22, hackers breached Kuaishou’s systems, exploiting nighttime staffing fatigue, high‑privilege token leaks, AI moderation tricks, direct video uploads, massive account overload, and microservice architecture flaws, highlighting critical security gaps for large platforms.
1. Attack Timing
Most of the attack activity took place late at night. The author attributes this to the year‑end traffic peak combined with staff fatigue from shift rotations, which makes this a common window for malicious actors to target large systems.
2. Obtaining High‑Privilege Token
Hackers first steal user accounts and register them in bulk, bypassing real‑name verification and the SMS service, and then use scripts to start live streams. If a high‑privilege token issued by the platform is leaked (whether from a core server or a third‑party cloud provider), attackers can forge user identities and stream without needing passwords.
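As an added illustration (not code from the original article or from Kuaishou), the following Python sketches the kind of token check that limits the damage of a leaked high‑privilege token: the live‑stream‑start endpoint accepts only short‑lived user tokens bound to a subject, a device and that specific audience, and refuses service‑class tokens outright. The token format, the claim names and the HMAC key are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed demo key; a real deployment keeps signing keys in a KMS/HSM,
# rotates them, and uses separate keys per token class.
SIGNING_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, key: bytes = SIGNING_KEY) -> str:
    """Issue a compact HMAC-SHA256 signed token (hypothetical format: body.signature)."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_token(token: str, key: bytes = SIGNING_KEY,
                 now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the signature is valid and the token has not expired, else None."""
    parts = token.split(".")
    if len(parts) != 2:
        return None
    body, sig = parts
    expected = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None
    try:
        claims = json.loads(_unb64(body))
    except (ValueError, UnicodeDecodeError):
        return None
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:   # a missing exp is treated as expired
        return None
    return claims


def authorize_stream_start(token: str, user_id: str, device_id: str,
                           now: Optional[float] = None) -> Tuple[bool, str]:
    """Decide whether a stream-start request may proceed.

    Each check is one reason a leaked privileged token is useless here: it must
    be a user token, minted for this endpoint, for this user, from this device,
    and still inside its short lifetime.
    """
    claims = verify_token(token, now=now)
    if claims is None:
        return False, "bad signature or expired"
    if claims.get("aud") != "live-stream-start":
        return False, "wrong audience"
    if claims.get("typ") != "user":
        return False, "service tokens are not accepted on user endpoints"
    if claims.get("sub") != user_id:
        return False, "subject mismatch"
    if claims.get("dev") != device_id:
        return False, "device binding mismatch"
    return True, "ok"


if __name__ == "__main__":
    now = time.time()
    tok = issue_token({"typ": "user", "sub": "u-42", "dev": "dev-1",
                       "aud": "live-stream-start", "exp": now + 300})
    print(authorize_stream_start(tok, "u-42", "dev-1"))
```

The design point is separation of token classes: a server‑to‑server token leaked from a core service or a cloud provider carries typ "service" and no device binding, so it is rejected at a user‑facing endpoint regardless of what else it can do elsewhere.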
3. AI Moderation Bypass
Large companies rely heavily on machine‑vision moderation. Hackers know this and deliberately add noise or distort video frames so that the AI filter fails, while the manipulation remains obvious to human eyes.
4. Skipping the App
Instead of attacking the client‑side API, attackers directly upload video files to the server, bypassing checksum and moderation checks.
5. Massive Violating Accounts Overload System
Within a very short period, thousands of compromised accounts stream prohibited content simultaneously, overloading the moderation system. To keep streams flowing, the system temporarily allows the content through before it has been reviewed.
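Sections 4 and 5 describe two gaps: uploads that reach the server without passing the client‑side checksum and moderation path, and a moderation pipeline that admits content first when it is overloaded. The following Python is an added example, not code from the article or from the platform, of a publish gate that closes both: the server recomputes the checksum itself, and when the moderation service cannot return a verdict the item is quarantined instead of published. The fail_open switch reproduces the allow‑first behaviour the article describes so the two outcomes can be compared; the moderator, its capacity model and the sample payloads are constructed for this example.

```python
import hashlib
from collections import Counter
from typing import Callable, Dict, List, Optional

Verdict = Optional[str]   # "ok", "violation", or None when no verdict could be produced


class CapacityLimitedModerator:
    """Constructed stand-in for a moderation service that can review only
    `capacity` items before it starts timing out (returning None)."""

    def __init__(self, capacity: int, banned_marker: bytes = b"PROHIBITED") -> None:
        self.capacity = capacity
        self.used = 0
        self.banned_marker = banned_marker

    def reset(self) -> None:
        self.used = 0

    def __call__(self, data: bytes) -> Verdict:
        if self.used >= self.capacity:
            return None           # overloaded: no verdict available
        self.used += 1
        return "violation" if self.banned_marker in data else "ok"


class PublishGate:
    """Admits an upload to the public feed only after a server-side integrity
    check and an explicit moderation verdict."""

    def __init__(self, moderate: Callable[[bytes], Verdict], fail_open: bool = False) -> None:
        self.moderate = moderate
        self.fail_open = fail_open   # True reproduces "allow now, review later"
        self.published: List[str] = []
        self.quarantined: List[str] = []

    def submit(self, account_id: str, data: bytes, declared_sha256: str) -> str:
        # 1. Integrity: never trust a client-supplied digest; recompute on the server.
        #    A file pushed straight to the server hits this check like any other upload.
        if hashlib.sha256(data).hexdigest() != declared_sha256:
            return "rejected:checksum"
        # 2. An explicit verdict is required before the item becomes public.
        verdict = self.moderate(data)
        if verdict == "ok":
            self.published.append(account_id)
            return "published"
        if verdict == "violation":
            return "rejected:moderation"
        # 3. No verdict (backlog, timeout, outage): fail closed unless configured otherwise.
        if self.fail_open:
            self.published.append(account_id)
            return "published:unreviewed"
        self.quarantined.append(account_id)
        return "quarantined:no-verdict"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def simulate_flood(n_accounts: int, capacity: int, fail_open: bool) -> Dict[str, int]:
    """Constructed scenario: n_accounts push prohibited content at once against a
    moderator that can only review `capacity` of them. Returns outcome counts."""
    gate = PublishGate(CapacityLimitedModerator(capacity), fail_open=fail_open)
    payload = b"PROHIBITED frame data"          # constructed sample content
    outcomes = Counter(
        gate.submit(f"acct-{i}", payload, sha256_hex(payload)) for i in range(n_accounts)
    )
    return dict(outcomes)


if __name__ == "__main__":
    print("fail closed:", simulate_flood(1000, 50, fail_open=False))
    print("fail open:  ", simulate_flood(1000, 50, fail_open=True))
```

Run with a flood larger than the moderator's capacity and the difference is the whole incident in miniature: fail‑open publishes every item the moderator never saw, fail‑closed holds them, and the stream that stalls is the violating one rather than everyone else's feed.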
6. Deep Architectural Issues
Kuaishou’s extensive micro‑service architecture means that a vulnerability in a single service (such as a gateway or authentication service) can trigger a chain reaction. Misconfigurations in the container environment (e.g., Kubernetes) can lead to container escape or resource hijacking. Third‑party components such as Fastjson and the Spring framework must be kept up to date.
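An added example for the Kubernetes point (not code from the article or from the platform): an admission‑style check over a pod manifest that flags the settings most often behind container escape and resource hijacking, run against a constructed weak spec and a constructed hardened spec. The field names are standard Kubernetes pod‑spec fields; the pod contents and image names are made up for the example, and the function is a simplified stand‑in for a real admission policy such as Pod Security Admission, OPA Gatekeeper or Kyverno.

```python
from typing import Dict, List


def check_pod_security(pod: Dict) -> List[str]:
    """Return findings for a pod manifest given in dict form (parsed YAML)."""
    findings: List[str] = []
    spec = pod.get("spec", {})

    # Host namespaces give a container a view of, and a path into, the node.
    for key in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(key):
            findings.append(f"pod: {key} enabled")

    # hostPath volumes expose the node filesystem; the runtime socket is the worst case.
    for vol in spec.get("volumes", []):
        host_path = vol.get("hostPath")
        if host_path:
            path = host_path.get("path", "")
            kind = ("docker socket mounted" if path.startswith("/var/run/docker.sock")
                    else "hostPath volume")
            findings.append(f"volume {vol.get('name')}: {kind} ({path})")

    pod_sc = spec.get("securityContext", {})
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c.get("name")
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"container {name}: privileged")
        if sc.get("allowPrivilegeEscalation", True):      # Kubernetes default is true
            findings.append(f"container {name}: allowPrivilegeEscalation not set to false")
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            findings.append(f"container {name}: runAsNonRoot not enforced")
        dropped = [x.upper() for x in sc.get("capabilities", {}).get("drop", [])]
        if "ALL" not in dropped:
            findings.append(f"container {name}: capabilities not dropped (drop: ALL)")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"container {name}: root filesystem writable")
    return findings


# Constructed weak manifest: the shape that turns one compromised service into a node compromise.
WEAK_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "gateway"},
    "spec": {
        "hostPID": True,
        "hostNetwork": True,
        "volumes": [{"name": "docker-sock", "hostPath": {"path": "/var/run/docker.sock"}}],
        "containers": [{
            "name": "app",
            "image": "example/gateway:latest",
            "securityContext": {"privileged": True},
            "volumeMounts": [{"name": "docker-sock", "mountPath": "/var/run/docker.sock"}],
        }],
    },
}

# Constructed hardened manifest: same workload, least privilege applied.
HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "gateway"},
    "spec": {
        "securityContext": {"runAsNonRoot": True},
        "volumes": [{"name": "tmp", "emptyDir": {}}],
        "containers": [{
            "name": "app",
            "image": "example/gateway:1.0",
            "securityContext": {
                "privileged": False,
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
            "volumeMounts": [{"name": "tmp", "mountPath": "/tmp"}],
        }],
    },
}


if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(label, check_pod_security(pod) or ["no findings"])
```

The check is deliberately blunt: every finding maps to one line of the manifest, which is what makes it usable as a CI gate on deployment manifests before anything reaches the cluster.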
7. No Sensationalism
The incident affects not only the company but also millions of small broadcasters, merchants, and e‑commerce workers who depend on the platform. The author urges that no platform can claim absolute security and that every organization should strengthen its defensive measures.
SpringMeng
Focused on software development, sharing source code and tutorials for various systems.