Hackers allegedly stole information of nearly 2 billion TikTok users following a massive breach of the company’s database. While the video hosting company has denied the allegations, cybersecurity experts have opposing views on the breach.
Rumors began when a hacking group, ‘AgainstTheWest,’ announced that they had breached TikTok and WeChat. The announcement was made last week on a hacking forum, along with the screenshots of the stolen information. The group claimed that the compromised server held 2.05 billion records in about 790GB of data. The post also discussed what the hacker should do with the stolen information.
TikTok denied all allegations of the data breach and has confirmed that the data represented by the hackers is not related to its users. “TikTok prioritizes the privacy and security of our users’ data. Our security team investigated these claims and found no evidence of a security breach. We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks or databases,” a TikTok spokesperson told Forbes.
The spokesperson clarified the data represented on the hacking forum: ” The samples also appear to contain data from one or more third-party sources not affiliated with TikTok.”
Several cybersecurity news researchers and analysts studied the evidence of the alleged data breach, leading to opposing views on the incident.
Cybersecurity analyst Bob Diachenko confirmed the breach with a tweet that read, “OK, TikTokBreach is real. Our team analyzed publicly exposed repos to confirm partial users’ data leak.” However, another tweet by Diachenko stated that the data was likely from Hangzhou Julun Network Technology Co., Ltd rather than TikTok.
An anonymous Twitter account AnonZenn tweeted that the TikTok data breach compromised the payment information of over “1 billion users”. TikTok, the biggest platform on the planet has been completely breached. A little over 1 billion users as well as payment info has been compromised,” the user tweeted.
BeeHive CyberSecurity also reviewed the samples of the data and confirmed the breach. “We have reviewed a sample of the extracted data. To our email subscribers and private clients, we’ve already sent out warning communications,” they tweeted.
However, Australian web security consultant Troy Hunt studied the available samples and stated that the evidence was “so far pretty inconclusive”.
According to reports, the post and data samples have been deleted from the hacking forum and the user account that posted them has also been banned for “lying about the breach”. Twitter has also suspended the account.
The authenticity of the data provided by the hacker group has not been fully established. It is suggested that most of the stolen data is often publicly available to third parties for marketing or e-commerce. However, questions arise if a combination of such information is available to a third party. If yes, then why?
To maintain online safety, TikTok users should change their password and enable two-factor authentication. They should also limit access to personal information.
This weekly roundup highlights top cybersecurity news: Hasbro attack, AI supply chain breaches, and rising ransomware threats worldwide.
PXA Stealer, deployed by Vietnam-linked actors, hijacks LinkedIn accounts and exfiltrates credentials, crypto wallets, and sensitive data worldwide.
The data security risks of foreign-developed mobile apps are not limited to what users see on the surface.
AVrecon spreads by scanning the internet for devices with exposed vulnerable services.
What stands out in this case is that even access involving politically exposed and high-profile individuals did not trigger alerts.
Hasbro cyberattack confirmed on March 28, taking systems offline and launching an investigation with third-party cybersecurity experts.
This website uses cookies. By continuing to use this website you are giving consent to cookies being used.
Read More