"TikTok Denies Breach After Hackers Claim Billions of User Records Stolen"

TikTok denies claims that a hacking group has breached an Alibaba cloud database containing 2.05 billion records, including data on TikTok and WeChat users. On Friday, a hacking group named AgainstTheWest posted screenshots which they say were taken from the hacked database on a hacking forum. The hacking group said the Alibaba server that was supposedly breached contains 2.05 billion records in a 790GB database with user data, platform statistics, source code, cookies, auth tokens, server info, and other information. The hackers also claimed they have yet to decide if they want to sell or release the data to the public.   A TikTok representative stated that a breach did not occur. In discussions on the Hacker News forum, some forum participants suggested that the data looks like it came from a third party that integrates with TikTok for marketing or e-commerce purposes. However, TikTok has dismissed those claims, stating that while the sample appears to contain data from one or more third-party sources, they are not affiliated with the company. Troy Hunt, a regional director at Microsoft, stated that this is so far pretty inconclusive; some data matches production info, albeit publicly accessible info. Some data is junk, but it could be non-production or test data. Another security expert, Bob Diachenko, stated that there is no concrete conclusion about the origin of the data but validated that the leaked user data is real.   Diachenko noted that while there is definitely a breach, it is still a work in progress to confirm the origin of data, which could be a third party.

 

CISO reports: "TikTok Denies Breach After Hackers Claim Billions of User Records Stolen"

Submitted by Anonymous on