TikTok denies data breach following leak of user data

Threat actors published a sample of data allegedly stolen from TikTok, but the company denies it was breached.

The hacking collective AgainstTheWest recently published a post on Breach Forums message board claiming to have hacked TikTok and stolen source code and user data. The group published screenshots of an alleged stolen data, it claims to have had access to an Alibaba cloud instance containing data for both TikTok and WeChat users.

Threat actors reported that the server contained 2.05 billion records in a 790GB database.

TikTok denies AgainstTheWest’s claims.

“TikTok prioritizes the privacy and security of our users’ data. Our security team investigated these claims and found no evidence of a security breach.” a company spokesman told to the media.

“Our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code,” a spokesperson added.

The popular data breach hunter Bob Diachenko and his team analyzed publicly exposed data and confirmed their authenticity, but they are unable to determine the origin.

It is not clear if the source of the data is the Chinese firm or a third-party partner.

TikTok also told Bleeping Computer that the leaked user data could not result from a direct data scraping activity because the company has adopted security measures to prevent this practice.

I’ll continue to follow the story … stay tuned!

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, TikTok)

[adrotate banner=”5″]

[adrotate banner=”13″]