Gridware Logo

TikTok Denies Breach After Hacker Claims They Stole 2 Billion Data Records

Share:

There have been reports that TikTok U.S. has been hacked, first on an online data breach marketplace forum and then on Twitter over the weekend. A TikTok spokesperson has denied the breach and said no evidence of a security breach had been found. 

TikTok’s alleged hack

The supposed hack first appeared on the Breach Forums message board on September 3. User AgainstTheWest posted screenshots allegedly taken from a TikTok and WeChat breach. This user posted two samples of the alleged stolen data and a video of one set of the database tables, saying they had “yet to decide if we want to sell it or release it to the public.”.

 In addition, the poster claimed that they had extracted 2.05 billion records from the database. The user BlueHornet|AgainstTheWest also claims to have stolen “internal backend source code” on September 3.

No security breach has been reported by TikTok

TikTok’s spokesperson said in a news report that their security team “investigated this statement and determined that the code in question is unrelated to TikTok’s backend source code”. 

To verify whether the sample data was genuine, Troy Hunt of haveibeenpwned posted a thread on Twitter. Having analysed the data, Hunt concludes that it is “pretty inconclusive.” Hunt also said he discovered some data that matches production information, but that information was already publicly available. He also found some ‘junk’ data, which he says might be non-production or test data.

Advice for TikTok users

As of date of publication, there is no evidence of TikTok accounts being compromised, but it’s a good idea to ensure your account is protected. For their safety, TikTok users should change their passwords, enable security alerts, and add two-factor authentication (2FA) to their accounts.

You might also be interested in: Cyber Security Guide

Picture of Ahmed Khanji
Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. He is recognised for his insights into offensive security and emerging technologies such as blockchain, and often contributes to broader cybersecurity conversations across the country. With an extensive background as a security advisor to major Australian enterprises, Ahmed helps organisations navigate the evolving threat landscape with clarity and confidence.

Related Articles​

What Is a Managed Security Service Provider (MSSP)?

Managed Security vs In-House Security Team: Which Makes More Sense for Your Business?

How to Build a Cyber Incident Response Plan for Your Australian Business

Our services

We partner deeply with clients to understand their needs, working closely and iteratively to provide robust, best-in-class security solutions

Learn more about the team at forefront of the Australian Cyber Security scene.

Gridware team
Learn more about our renowned partners and awards.

Expert penetration testing

Incident investigation & remediation

Governance, Audits & Strategy

Simulate real attacks

Security-as-a-service

24x7x365 Security Operations Centre

Comprehensive & proactive security

Harness the benefits of cloud technology

End-to-end security suite

Swift, expert-led incident resolution

Resources

A collection of our published insights, whitepapers, customer success stories and more.

Resources

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

RSPCA logo
Nikon logo

Download our Cyber Governance Factsheet

Network Penetration Testing

Get a quote

Please fill out the form so we accurately can quote your project:

Emergency Assistance

Under Attack?

Please fill out the form and we will respond ASAP. Alternatively, click the button to call us now.

Download our Incident Response Factsheet