TikTok denies breach after hackers claim billions of user records stolen

TikTok is denying claims that a hacking group has breached an Alibaba cloud database containing 2.05 billion records that include data on TikTok and WeChat users.

The hacking group, which goes by the name AgainstTheWest, on Friday posted screenshots—which they say were taken from the hacked database—on a hacking forum.

The Alibaba server that was breached contains 2.05 billion records in a 790GB database with user data, platform statistics, source code, cookies, auth tokens, server info, and other information, the hacking group said. The hackers also claimed they are yet to decide if they want to sell the data or release it to the public. 

“This is an incorrect claim—our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code, which has never been merged with WeChat data,” a TikTok spokesperson told BleepingComputer.com. 

The leaked user data could not result from a direct scraping of its platform, as there are  adequate security safeguards to prevent automated scripts from collecting user information, TikTok added. 

The company also claims that the data samples are publicly accessible information and not a result of compromise of their systems, networks or database. 

Neither TikTok nor WeChat have responded to requests for additional comment.

In discussions on the Hacker News forum, some forum participants suggested that the data looks like it came from a third party that integrates with TikTok for marketing or e-commerce purposes.

However, TikTok has dismissed those claims, stating that while the sample appears to contain data from one or more third-party sources, they are not affiliated with the company. 

TikTok also added that they do not believe users need to take any proactive actions. 

The hackers’ statements have generated a lot of interest and several security experts immediately got on the job to verify the claims. 

Experts say evidence of hacking is inconclusive

“This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info. Some data is junk, but it could be non-production or test data. It’s a bit of a mixed bag so far,” tweeted Troy Hunt, a regional director at Microsoft and the creator of the Have I Been Pwned website. 

Another security expert, Bob Diachenko, tweeted saying there is no concrete conclusion about the origin of the data but validated that the leaked user data is real. 

“While there is definitely a breach, it is still work in progress to confirm the origin of data, could be a third party,” the cybersecurity consultant tweeted. 

Privacy concerns about TikTok grow

WeChat is a China-based instant messaging and social media platform developed by Tencent. On its part, TikTok is owned by China-based company ByteDance and many countries have expressed concerns that it is sending its user information back to China. 

While TikTok has time and again denied these allegations, last month more than 80 leaked audio files from the video-sharing platform’s internal meetings revealed that China-based employees of ByteDance have repeatedly accessed non-public data about US TikTok users. 

It was revealed that engineers in China had access to US data between September 2021 and January 2022. Similar allegations were also made in 2021 after a few former employees of the app had revealed that ByteDance had access to US user data. TikTok was launched globally in September 2017. 

Last month, just before the latest allegations were made, TikTok announced that it has partnered with Oracle to host its US data on Oracle’s US-based servers. 

Last week, Australian Home Affairs Minister Clare O’Neil ordered her department to investigate the harvesting of data by TikTok amid growing concern that staff in China can access the personal information of Australians.