Jump to content
  • TikTok denies security breach after hackers leak user data, source code

    alf9872000

    • 405 views
    • 3 minutes
     Share


    • 405 views
    • 3 minutes

    TikTok denies recent claims it was breached, and source code and user data were stolen, telling BleepingComputer that data posted to a hacking forum is "completely unrelated" to the company.

     

    On Friday, a hacking group known as 'AgainstTheWest' created a topic on a hacking forum claiming to have breached both TikTok and WeChat. The user shared screenshots of an alleged database belonging to the companies, which they say was accessed on an Alibaba cloud instance containing data for both TikTok and WeChat users.

     

    The threat actor says this server holds 2.05 billion records in a massive 790GB database containing user data, platform statistics, software code, cookies, auth tokens, server info, and many more.

     

    tiktok-breached-to.png
    Announcement of TikTok and WeChat breach on a hacker forum - Source: BleepingComputer
     

    While the name AgainstTheWest may sound like the hacking group is targeting Western countries, the threat actors claim to only target countries and companies hostile to Western interests.

     

    "Don't let the name confuse you, ATW targets countries they perceive to be a threat to western society, currently they are targeting China and Russia and have plans to target North Korea, Belarus and Iran in the future," explains cybersecurity researcher CyberKnow.

    TikTok denies being hacked

    TikTok has told BleepingComputer that the claims of the company being hacked are false. Furthermore, the company said the source code shared on hacking forums isn't part of its platform.

    "This is an incorrect claim — our security team investigated this statement and determined that the code in question is completely unrelated to TikTok's backend source code, which has never been merged with WeChat data." - TikTok.

    TikTok also told us that the leaked user data could not result from a direct scraping of its platform, as they have adequate security safeguards to prevent automated scripts from collecting user information.

     

    BleepingComputer has also reached out to WeChat for a statement, but we have not yet received a response from them.

     

    While WeChat and TikTok are both Chinese firms, they are not owned by the same parent company, with the former belonging to Tencent and the latter to ByteDance. Therefore, seeing them both in a single database indicates that it was not a direct breach on each platform.

     

    Most likely, the unprotected database was created by a third-party data scraper or broker who scraped public data from both services and saved it into a single database.

     

    The two companies are constantly in the spotlight of privacy investigations by national services, so finding such a rich cloud instance containing both companies' data is raising suspicions.

     

    Troy Hunt, the creator of the HaveIBeenPwned data breach notification service, confirmed in a Twitter thread that some of the data were valid. However, Hunt could not find anything that is not publicly available in TikTok, thus proving an internal systems breach.

     

    troy-tweet.jpg

     

    Similarly, "database hunter" Bob Diachenko has validated the leaked user data as real, but couldn't provide any concrete conclusions about the origin of the data.

     

    Diachenko-tweet

     

    If further analysis reveals that the data is legitimate, TikTok will be forced to take action to mitigate the leak's effects even if it wasn't breached. We have requested an additional comment from the platform on that front, but we haven't received an answer.

     

    The story will be updated as soon as new evidence or conclusions become available.

     

    Source: Bleeping Computer

    https://www.bleepingcomputer.com/news/security/tiktok-denies-security-breach-after-hackers-leak-user-data-source-code/


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...