There have been reports that TikTok U.S. has been hacked, first on an online data breach marketplace forum and then on Twitter over the weekend. A TikTok spokesperson has denied the breach and said no evidence of a security breach had been found.
TikTok’s alleged hack
The supposed hack first appeared on the Breach Forums message board on September 3. User AgainstTheWest posted screenshots allegedly taken from a TikTok and WeChat breach. This user posted two samples of the alleged stolen data and a video of one set of the database tables, saying they had “yet to decide if we want to sell it or release it to the public.”.
In addition, the poster claimed that they had extracted 2.05 billion records from the database. The user BlueHornet|AgainstTheWest also claims to have stolen “internal backend source code” on September 3.
No security breach has been reported by TikTok
TikTok’s spokesperson said in a news report that their security team “investigated this statement and determined that the code in question is unrelated to TikTok’s backend source code”.
To verify whether the sample data was genuine, Troy Hunt of haveibeenpwned posted a thread on Twitter. Having analysed the data, Hunt concludes that it is “pretty inconclusive.” Hunt also said he discovered some data that matches production information, but that information was already publicly available. He also found some ‘junk’ data, which he says might be non-production or test data.
Advice for TikTok users
As of date of publication, there is no evidence of TikTok accounts being compromised, but it’s a good idea to ensure your account is protected. For their safety, TikTok users should change their passwords, enable security alerts, and add two-factor authentication (2FA) to their accounts.
You might also be interested in: Cyber Security Guide