Cybersecurity researchers have discovered a massive data breach in TikTok’s servers. This allegedly involves more than 2 billion user accounts that could be compromised as a result.
TikTok is denying reports that it was breached after a hacking group posted images that claimed to include the app’s source code and personal user information. In response to several queries, TikTok has only said that its team “found no evidence of a security breach”.
Bleeping Computer says that these hackers posted the images on a forum, claiming that they obtained the data from a breached TikTok server. The hacking group calls itself “AgainstTheWest” and they claim to have over 790 GB worth of user data, platform statistics, code, and more. They also claim to have stolen data from the Chinese messaging app WeChat, but the company is yet to respond to queries.
TikTok spokesperson Maureen Shanahan told The Verge that:
We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases. We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community.
Regional director at Microsoft and the creator of the Have I Been Pwned tool, Troy Hunt, also shared his thoughts on the matter. He said that the evidence of a hack is so far “pretty inconclusive”. He says that some of the data is junk or could only be testing data.
This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info. Some data is junk, but it could be non-production or test data. It's a bit of a mixed bag so far.
— Troy Hunt (@troyhunt) September 5, 2022
However, Hunt was unable to confirm whether the hacker’s database contained stolen information. Either way, we recommend changing your password and enabling two-factor authentication if you have a TikTok account. Better to be safe than sorry, especially since several cybersecurity researchers have shared their warnings online.