Posted on September 6, 2022 at 11:15 AM
TikTok has denied claims that it was recently breached and that its user data and source code were stolen. The company was referring to data posted on a dark net forum that was claimed to be from TikTok. In response, it stated that the data is “completely unrelated” to the company.
This comes a few days after a threat actor known as “AgainstTheWest” posted on a hacking forum and claimed to have compromised both WeChat and TikTok. The user shared screenshots of data they claimed was stolen from both firms. According to the hackers, the data was accessed on an Alibaba cloud instance. They also noted that the server holds about 2.05 billion records in a huge 790GB database containing platform statistics, user data, software code, auth tokens, server info, cookies, and more.
The name AgainstTheWest suggests that the threat actors target only Western countries. However, the hackers claimed they are interested in countries and companies that are against Western interests.
Cybersecurity researcher CyberKnow also says the name does not reflect the hackers’ actual targets. Instead, ATW targets countries it perceives to be a threat to Western society. The researcher said that the group is launching attacks against Russia and China and plans to target Iran, Belarus, and North Korea in the future.
TikTok Says Claims Are Completely False
According to TikTok, the claims that its servers have been hacked are not true. The company stressed that none of the claims is true and there is no correlation between the hackers’ claims and the firm’s data. TikTok further says the source code and data the hackers have shared on the dark net forum are not from TikTok’s platform.
The platform also assured the public that its security team has investigated the claims made by the hackers and found no correlation between the posted data and what the platform has. Additionally, its backend source code has never been merged with WeChat data, and there is no basis to think that the uploaded data is from the company.
There Is No Way The Leaked Data Came From Scraping
TikTok says there is no way the posted data came from direct scraping of its platform. The company pointed out that it has adequate security safeguards that prevent any automated scripts from collecting user details.
WeChat has also been contacted to gain more insight into the claims by the hackers, but the company has not responded to inquiries yet.
Although TikTok and WeChat are both Chinese companies, they have different owners and management. The former belongs to ByteDance while the latter is owned by Tencent. As a result, finding source code from both in a single database indicates that, if there was a breach at all, it was not a direct breach of either platform.
Researchers have noted that the most likely scenario is that a third-party scraper created the unprotected database. The data could have been scraped meticulously from the public server and saved into one database. While the said details of users on these social media platforms are available to the public, it’s an offense to scrape them and use the details for marketing or other phishing activities.
Some Of The Uploaded Data Are Valid
The two firms are always on the radar of national services and agencies. As a result, finding such a huge cloud instance that contains data from both raises suspicions.
The creator of the HaveIBeenPwned data breach notification service, Troy Hunt, confirmed that some of the data he has seen is valid. But Hunt said he did not see any information in the data that is not available to the public.
Another researcher, Bob Diachenko, known as the “database hunter”, has also validated the stolen user data as authentic. But he is not very sure about the origin of the said data. If additional analysis of the data shows that TikTok’s data was actually leaked, the platform may be forced to take action to mitigate the impact of the breach.
Meanwhile, the AgainstTheWest hacker who claimed that the data was stolen from WeChat and TikTok has been banned from Breached, the dark net forum where the data was uploaded. The owners of the forum stated that the account was banned because its holder did not investigate the breach properly.