• World CyberCon India
Data Breaches Firewall Daily

TikTok Denies Breach of 2 Billion User Database Records

Several cybersecurity researchers and analysts studied the evidence of the alleged data breach, leading to opposing views on the incident.

TikTok Denies Breach of 2 Billion User Database Records
  • PublishedSeptember 6, 2022

Hackers allegedly stole information of nearly 2 billion TikTok users following a massive breach of the company’s database. While the video hosting company has denied the allegations, cybersecurity experts have opposing views on the breach.

What do the hackers say?

Rumors began when a hacking group, ‘AgainstTheWest,’ announced that they had breached TikTok and WeChat. The announcement was made last week on a hacking forum, along with the screenshots of the stolen information. The group claimed that the compromised server held 2.05 billion records in about 790GB of data. The post also discussed what the hacker should do with the stolen information.

TikTok’s response

TikTok denied all allegations of the data breach and has confirmed that the data represented by the hackers is not related to its users. “TikTok prioritizes the privacy and security of our users’ data. Our security team investigated these claims and found no evidence of a security breach. We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks or databases,” a TikTok spokesperson told Forbes.

The spokesperson clarified the data represented on the hacking forum: ” The samples also appear to contain data from one or more third-party sources not affiliated with TikTok.”

What do the experts say?

Several cybersecurity researchers and analysts studied the evidence of the alleged data breach, leading to opposing views on the incident.

Cybersecurity analyst Bob Diachenko confirmed the breach with a tweet that read, “OK, TikTokBreach is real. Our team analyzed publicly exposed repos to confirm partial users’ data leak.” However, another tweet by Diachenko stated that the data was likely from Hangzhou Julun Network Technology Co., Ltd rather than TikTok.

An anonymous Twitter account AnonZenn tweeted that the TikTok data breach compromised the payment information of over “1 billion users”. “TikTok, the biggest platform on the planet has been completely breached. A little over 1 billion users as well as payment info has been compromised,” the user tweeted.

BeeHive CyberSecurity also reviewed the samples of the data and confirmed the breach. “We have reviewed a sample of the extracted data. To our email subscribers and private clients, we’ve already sent out warning communications,” they tweeted.

However, Australian web security consultant Troy Hunt studied the available samples and stated that the evidence was “so far pretty inconclusive”.

Samples deleted, account banned

According to reports, the post and data samples have been deleted from the hacking forum and the user account that posted them has also been banned for “lying about the breach”. Twitter has also suspended the account.

The authenticity of the data provided by the hacker group has not been fully established. It is suggested that most of the stolen data is often publicly available to third parties for marketing or e-commerce. However, questions arise if a combination of such information is available to a third party. If yes, then why?

Online safety

To maintain online safety, TikTok users should change their password and enable two-factor authentication. They should also limit access to personal information.

Written By
Editorial

The Cyber Express is a publication that aims to provide the latest news and analysis about the information security industry. The news comes from a variety of sources and is updated regularly so that readers can stay up to date with the latest happenings in this rapidly growing field.