The hacking group AgainstTheWest recently published a post on the Breach Forums message board, claiming to have hacked TikTok and stolen source code and user data. The group published screenshots of an alleged stolen data, it claims to have had access to an Alibaba cloud instance containing data for both TikTok and WeChat users. The group claims to hold 2.05 billion records in a massive 790GB database containing user data, platform statistics, software code, cookies, auth tokens, server info, and more.
TikTok has told Bleeping Computer that the claims of the company being hacked are false: “This is an incorrect claim — our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code, which has never been merged with WeChat data.” TikTok further said: “We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases. We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community.”
Popular data breach hunter Bob Diachenko and his team analyzed the publicly exposed data and confirmed its authenticity, and noted that the data’s source was Hangzhou Julun Network Technology Co., Ltd and not TikTok.
Troy Hunt, a regional director at Microsoft and the creator of the Have I Been Pwned tool, called the hackers’ data “inconclusive,” but added that “it could be non-production or test data” that likely wasn’t taken through a data breach.
Read more about it here.