TikTok has denied a security breach after hackers claimed to have leaked alleged user data and source code.
Over the weekend, reports circulated on an online data breach marketplace forum and then on Twitter that TikTok US had been hacked.
Reports of an alleged hack first appeared on the Breach Forums message board on September 3.
On Friday, a hacking group known as ‘AgainstTheWest’ claimed to have breached both TikTok and WeChat. The user shared screenshots of an alleged database belonging to the companies, which they say was accessed on an Alibaba cloud instance containing data for both TikTok and WeChat users.
The alleged hacker said that they were ‘yet to decide’ if they wanted to sell the stolen data or release it to the public.
A link to two samples of the data was published, along with a video of one set of database tables from which the hacker claimed that they had extracted the data of around 2 billion TikTok users.
Bob Diachenko, a cyber threat intelligence analyst known for his work on database leaks and breaches, further confirmed the third-party theory.
Diachenko says that the data is likely to come from a company based out of Hangzhou City, in the Zhejiang Province, China.
Meanwhile, the ‘AgainstTheWest’ account on the breach marketplace forum where the supposed TikTok breach data samples were published has been banned for ‘lying about data breaches’. Twitter has also suspended the BlueHornet|AgainstTheWest user account.
Security experts still recommend that TikTok users change their passwords and ensure that two-factor authentication (2FA) is activated.
The Chinese video-sharing app is still on thin ice with US regulators. In June, an American communications regulator official called on Apple and Google to ban the app over ‘national security’ concerns.
Source: Read Full Article