A cybersecurity incident involving an alleged massive data breach at China’s Huawei Technologies has been exposed as a misinformation campaign, with a detailed investigation by DWIRE confirming that the “leaked” files were not proprietary corporate code but a standard distribution of the open-source TeX Live publishing system.
The incident began on October 2nd, when an anonymous user posted on a known dark web marketplace offering a “Huawei Data Breach” for sale.

The claim was amplified by social media accounts, which attached a valuation of nearly $1 trillion, leading several technology news outlets to report on a potential major security incident. However, analysis of the data tells a different story.
DWIRE’s direct comparison of the directory structure against authoritative sources found a 100% match with the official TeX Live distribution. The folder names (`install-tl`, `texmf-dist`, `tlpkg`) and the presence of thousands of `.sty`, `.tex`, and `pdftex` files are characteristic of the TeX Live system, an open-source toolset for academic document publishing used worldwide. The software is publicly available for download from repositories like the TeX Archive Network (CTAN). There was no evidence in the file structure to suggest it contained any proprietary code unique to Huawei.
The directory contained files associated with “SpiderWeb,” a literate programming toolset, including CWEB distributions and DVI drivers. Timestamps within some of the archives date back to 1993, and metadata references Princeton University and the work of academic Donald Knuth, proving the files are old and open-source academic material.
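A listing comparison of the kind described above can be scripted for triage. The following is an added example, not DWIRE's tooling or code from the original article; the function names, the wrapper-folder handling and the sample listings are assumptions made for illustration.

```python
from pathlib import PurePosixPath

# Names and extensions the article cites as characteristic of TeX Live.
MARKER_DIRS = ("install-tl", "texmf-dist", "tlpkg")
TEX_HINTS = (".sty", ".tex")

def normalize(raw):
    """Split a listing line into path parts, dropping any wrapper folder
    that sits above the first TeX Live marker directory."""
    parts = [p for p in PurePosixPath(raw.strip().replace("\\", "/")).parts if p != "/"]
    for i, part in enumerate(parts):
        if part in MARKER_DIRS:
            return tuple(parts[i:])
    return tuple(parts)

def triage(claimed, reference):
    """Compare a claimed-leak file listing with a reference listing."""
    claimed_set = {normalize(p) for p in claimed} - {()}
    reference_set = {normalize(p) for p in reference} - {()}
    if not claimed_set:
        raise ValueError("claimed listing is empty")
    tex_like = [p for p in claimed_set
                if p[-1].lower().endswith(TEX_HINTS) or "pdftex" in p[-1].lower()]
    unexplained = sorted("/".join(p) for p in claimed_set - reference_set)
    return {
        "markers": sorted({p[0] for p in claimed_set if p[0] in MARKER_DIRS}),
        "tex_share": len(tex_like) / len(claimed_set),
        "match": 1 - len(unexplained) / len(claimed_set),
        "unexplained": unexplained,  # paths with no public counterpart: review by hand
    }

# Constructed sample data: REFERENCE stands in for a listing taken from an
# official TeX Live install; CLAIMED for the listing attached to a sale post.
REFERENCE = [
    "install-tl/install-tl",
    "tlpkg/texlive.tlpdb",
    "texmf-dist/tex/latex/base/article.cls",
    "texmf-dist/tex/latex/geometry/geometry.sty",
    "texmf-dist/tex/plain/base/plain.tex",
    "texmf-dist/tex/generic/babel/babel.sty",
]
CLAIMED = ["dump\\" + p.replace("/", "\\") for p in REFERENCE]  # wrapped, Windows-style

if __name__ == "__main__":
    print(triage(CLAIMED, REFERENCE))
```

A path-level match is only a first pass: hashing the files against the public distribution confirms that the contents, not just the names, are identical.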
The incident is further contextualized by the status of BreachForums itself, which has reportedly been under the control of a U.S. and French law enforcement task force since August 2025, operating as a honeypot. The post was likely a misinformation campaign or a simple scam designed to prey on existing geopolitical tensions surrounding Huawei.
This was followed by a new claim. On Sunday, October 5th, a user posted on a different dark web forum offering what they described as a “Huawei 2025 October Data Leak” containing “1.5M User Records (Full Profiles, Verified Data).”

The actor released a sample of the data when asked. The sample shows headers for sensitive personal information, including `huawei_user_id`, `country`, `email`, `phone_number`, and `date_of_birth`, followed by a single user record. While this makes the claim more tangible than the debunked source code hoax, the authenticity of the sample and the existence of the larger 1.5 million record database remain unverified.
