TikTok is denying reports that it was breached after a hacking group posted images of what they claim is a TikTok database that contains the platform’s source code and user information (via Bleeping Computer). In response to these allegations, TikTok said its team “found no evidence of a security breach.”
According to Bleeping Computer, hackers shared the images of the alleged database to a hacking forum, saying they obtained the data on a server used by TikTok. It claims the server stores over 2 billion records and 790GB worth of user data, platform statistics, code, and more.
“We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases,” TikTok spokesperson Maureen Shanahan said in a statement to The Verge. “We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community.”
This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info. Some data is junk, but it could be non-production or test data. It’s a bit of a mixed bag so far.
— Troy Hunt (@troyhunt) September 5, 2022
Most of the “stolen” data appears to have been public-facing information scraped from the platform. Troy Hunt, a regional director at Microsoft and the creator of the Have I Been Pwned tool, called the hackers’ data “inconclusive,” but surmised “it could be non-production or test data” that likely wasn’t taken through a breach.
The hacking group, who call themselves “AgainstTheWest,” claim they also obtained data from the Chinese messaging app WeChat. However, Hunt was unable to confirm whether the hackers’ database contained stolen information, and WeChat didn’t immediately respond to The Verge’s request for comment.
Both TikTok and WeChat have come under scrutiny over their ties to China (ByteDance, TikTok’s parent company, is based in China). TikTok has taken several steps, such as housing American data on Oracle’s US-based servers, in an attempt to reverse recent reports about TikTok employees in China accessing US users’ information.