
TikTok denies recent claims it was breached, and source code and user data were stolen, telling BleepingComputer that data posted to a hacking forum is "completely unrelated" to the company.

On Friday, a hacking group known as 'AgainstTheWest' created a topic on a hacking forum claiming to have breached both TikTok and WeChat. The user shared screenshots of an alleged database belonging to the companies, which they say was accessed on an Alibaba cloud instance containing data for both TikTok and WeChat users.

The threat actor says this server holds 2.05 billion records in a massive 790GB database containing user data, platform statistics, software code, cookies, auth tokens, server info, and more.

Announcement of TikTok and WeChat breach on a hacker forum
Source: BleepingComputer

While the name AgainstTheWest may sound like the hacking group is targeting Western countries, the threat actors claim to only target countries and companies hostile to Western interests.

"Don't let the name confuse you, ATW targets countries they perceive to be a threat to western society, currently they are targeting China and Russia and have plans to target North Korea, Belarus and Iran in the future," explains cybersecurity researcher CyberKnow.

TikTok denies being hacked

TikTok has told BleepingComputer that the claims of the company being hacked are false. Furthermore, the company said the source code shared on hacking forums isn't part of its platform.

"This is an incorrect claim — our security team investigated this statement and determined that the code in question is completely unrelated to TikTok's backend source code, which has never been merged with WeChat data." - TikTok.

TikTok also told us that the leaked user data could not result from a direct scraping of its platform, as they have adequate security safeguards to prevent automated scripts from collecting user information.

BleepingComputer has also reached out to WeChat for a statement, but we have not yet received a response from them.

While WeChat and TikTok are both Chinese firms, they are not owned by the same parent company, with the former belonging to Tencent and the latter to ByteDance. Therefore, seeing them both in a single database indicates that it was not a direct breach of each platform.

Most likely, the unprotected database was created by a third-party data scraper or broker who scraped public data from both services and saved it into a single database.

The two companies are constantly in the spotlight of privacy investigations by national services, so finding such a rich cloud instance containing both companies' data is raising suspicions.

Troy Hunt, the creator of the HaveIBeenPwned data breach notification service, confirmed in a Twitter thread that some of the data was valid. However, Hunt could not find anything that is not already publicly available on TikTok, and so nothing that would prove a breach of internal systems.

Tweet from Troy Hunt

Similarly, "database hunter" Bob Diachenko has validated the leaked user data as real, but couldn't provide any concrete conclusions about the origin of the data.

If further analysis reveals that the data is legitimate, TikTok will be forced to take action to mitigate the leak's effects even if it wasn't breached. We have requested an additional comment from the platform on that front, but we haven't received an answer.

The story will be updated as soon as new evidence or conclusions become available.

Update 9/6/2022: The AgainstTheWest threat actor claiming to have breached TikTok and WeChat has been banned on the Breached hacking forum where they had leaked samples of the stolen data.

The owner of Breached, pompompurin, says the account was banned for not properly investigating the breach.

"This thread was restored due to multiple people asking for it back. AgainstTheWest initially deleted it. Please note that the breach is not from TikTok, and that he most likely was lying or didn't even investigate it before making such outrageous claims." - pompompurin.
