Several IT security analysts tweeted about TikTok becoming a data breach victim over the weekend. Security analysts stated that the platform’s security was breached through an internal server that allowed the hackers access to its data storage that contained users’ data.
Reports of the supposed hacking of TikTok appeared on September 3rd, 2022 on the Breach Forums, a hacker and cybercrime forum which surfaced as an alternative to the popular and now-seized Raidforums.
As seen by Hackread.com, a member of the forum using the handle “AgainstTheWest” posted screenshots of the WeChat and TikTok data breach and stated that they hadn’t yet decided whether to leak the data or sell it publicly.
The hacker also published links to two data samples and a video of one set of database samples. The hacker also claimed to have stolen TikTok’s internal backend source code. However, the company’s spokesperson has claimed no evidence of a security breach.
It is worth noting that the hacker is claiming to have stolen 2 billion TikTok records including internal statistics, code, 790 GB worth of user data, and more.
“Our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code.” - TikTok
Analysis of Data Samples
Troy Hunt of HaveIbeenPwned examined data samples available in the leaked documents and was able to match user profiles and videos posted under the IDs. However, Hunt also found that some of the details in the leak were already publicly available and would not require a breach for access.
Hunt tweeted that his analysis was inconclusive. Some data matched production information, but it was publicly available, whereas some data was junk and could either be a test or non-production data. Hunt regarded the data as “a mixed bag.”
Nonetheless, it is always a good idea to change your password regularly and keep an eye on any suspicious activity on your social media accounts.
The administrator of Breach Forums has banned the self-proclaimed hacker “AgainstTheWest.” The admin has also labeled the TikTok and WeChat data breach claims as phony.