Source Code of Bilibili Leaked on Github

  • The source code has been forked more than 6,000 times.
  • There is worry that this leak may lead to further exposure of user information.
  • Related questions on Zhihu that were available one minute ago are being deleted.

Today has been a special day for Chinese coders. According to Sina News, the source code of Bilibili, a famous Chinese ACG video sharing website, had been fully leaked on Github. Before being taken down, it had been forked more than 6,000 times, which means basically it is impossible to stop the spread of the code now. People are posting concerns on Zhihu (a Quora-like Chinese website) and Sina Weibo over potential cyber attacks on Bilibili over the next few days.

According to screenshots posted by some coders, it appears the leak has also exposed some insider secrets. For example, one part of the source code appears to show that Bilibili has designed its website to generate fake announcements about company contest winners, when in fact no one is winning prizes. Also, there is worry that this leak may lead to further exposure of user information. One comment claimed that Bilibili’s method of saving user passwords is outdated.

People that have seen the source code are also posting some interesting comments from within it. In one case, a comment beside a version update says “I don’t understand this neither.” In other places humorous poems are inserted in the source code.

Some posters say the leak was made by a disgruntled former employee, while others are connecting this to the recent ongoing anti-996 campaign in China. “996” means working from 9:00 a.m. to 9:00 p.m., 6 days a week. This overtime working schedule is implemented by some major internet companies in China. Some important figures like Ma Yun have given speeches suppporting 996.

Bilibili is now doing everything to minimize the loss. As this article is being written, related questions on Zhihu that were available one minute ago are being deleted.

Such questions still show up on search engines. However, links to such questions now lead to a 404 page.

Bilibili is a NASDAQ listed company, and trades as BILI.

UPDATE:

Bilibili issued the following statement: “Today, we have noticed that some source code of Bilibili is spreading online. We have confirmed that it is an older version and we have implemented positive protection actions to ensure that this incident won’t affect the safety of Bilibili website and user data.

We have reported this leakage to the police for full investigation. Meanwhile, Bilibili has always our own official open source project, all interested users are welcome to visit at: http://github.com/bilibili.”

This statement was taken down a short time later. Some online commenters said that this statement is completely useless and misleading.

One comment said: “‘Some source code is spreading’ means all Bilibili’s source code, ‘an older version’ means the source code is the version of 6 hours ago when it was leaked, ‘positive protection actions’ means changing all the access keys to Alibaba Cloud.”

Only $1/click

Submit Your Ad Here

Corey Barro

Just another attempt to show a more real China.

Leave a Reply