Last Friday, a hacking group known as ‘AgainstTheWest’ initiated a topic on a hacking forum that claims to have breached both TikTok and WeChat. The user also shared screenshots of an alleged database belonging to the companies. They say it was accessed on an Alibaba cloud instance containing data for both TikTok and WeChat users.
TikTok quickly denied recent claims it was breached and source code and user data were stolen, telling a publication that data posted to a hacking forum is “completely unrelated” to the company.
UPDATE: while there is definitely a breach, it is still work in progress to confirm the origin of data, could be a third party. https://t.co/A3le5oWJgN
— Bob Diachenko 🇺🇦 (@MayhemDayOne) September 5, 2022
The server holds 2.05 billion records in a gigantic 790GB database holding user data, cookies, server info, software code, platform statistics, auth tokens, and many more.
Security expert Troy Hunt – who created HaveIBeenPwned – cited on Twitter that the TikTok data acquired by the hackers is valid. Nevertheless, the database doesn’t include sensitive data. Hunt asserts that some data is junk’ since part comes from publicly accessible data.
He also stated that the database obtained by the hackers does have some internal platform information. If the information is true, it could reveal a security breach in TikTok.
TikTok has told BleepingComputer, a publication, that the claims of the company being hacked are inaccurate and the source code shared on hacking forums isn’t part of its platform.
“This is an incorrect claim — our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code, which has never been merged with WeChat data.” – TikTok said in a statement.
WeChat and TikTok are constant investigation targets since both platforms are Chinese. Moreover, earlier this year, a Federal Communications Commission commissioner asked Apple and Google to pull TikTok from the App Store and Google Play Store, respectively.
FCC had also asserted that the social network was a “sophisticated surveillance tool” for the Chinese government.