The hacking collective AgainstTheWest recently published a post on Breach Forums message board claiming to have hacked TikTok and stolen source code and user data. The group published screenshots of an alleged stolen data, it claims to have had access to an Alibaba cloud instance containing data for both TikTok and WeChat users.
Threat actors reported that the server contained 2.05 billion records in a 790GB database.
TikTok denies AgainstTheWest’s claims.
“TikTok prioritizes the privacy and security of our users’ data. Our security team investigated these claims and found no evidence of a security breach.” a company spokesman told to the media.
“Our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code,” a spokesperson added.
The popular data breach hunter Bob Diachenko and his team analyzed publicly exposed data and confirmed their authenticity, but they are unable to determine the origin.
It is not clear if the source of the data is the Chinese firm or a third-party partner.
TikTok also told Bleeping Computer that the leaked user data could not result from a direct data scraping activity because the company has adopted security measures to prevent this practice.
I’ll continue to follow the story … stay tuned!
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, TikTok)
[adrotate banner=”5″]
[adrotate banner=”13″]
As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement…
Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals…
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
This website uses cookies.