What you need to know
- ByteDance-owned TikTok reportedly suffered a breach exposing its source code and user data.
- The claim comes from a hacking group; however, TikTok denies it.
- TikTok's spokesperson further denies the claim suggesting exposed data is publicly available.
Over this weekend, TikTok found itself in a new data breach, according to BeeHive Cyber security group. The security team further mentioned it was carried out by a hacking group called AgainstTheWest (@AggressiveCurl). The respective Twitter Handle is now suspended (at the time of this writing).
Update: #TikTok #Breach is #Confirmed. We’ve reviewed a sample of the extracted data. To our email subscribers and private clients, we’ve already sent out warning communications. Not on the list? https://t.co/LjjH6vmNAS#DataLeak #DataBreach #CyberAlert #CyberAttack https://t.co/0diXWsfnxSSeptember 4, 2022
The BeeHive team urged TikTok users to change their current passwords and enable two-factor authentication. TikTok has quickly responded, noting the breach was incorrect (via Bloomberg).
"Our security team investigated this statement and determined that the code in question is completely unrelated to TikTok's backend source code," a spokesperson said to Bloomberg.
According to another report from Bleeping Computer, the AgainstTheWest group alleged that they have breached social media platforms such as TikTok and WeChat. The group uploaded screenshots of an alleged database belonging to the firms, which they claim was accessed on an Alibaba cloud service.
They have further insisted the said server reportedly holds 2.05 billion records and over 790 GB of user data, source code, statistics, authentication tokens, and more.
TikTok has also stated to Bleeping Computer that the hack mentioned above is incorrect. The ByteDance-owned company further insisted the shared source code from the hacking group isn't part of its platform.
"This is an incorrect claim — our security team investigated this statement and determined that the code in question is completely unrelated to TikTok's backend source code, which has never been merged with WeChat data," TikTok stated to Bleeping Computer.
TikTok spokesperson Maureen Shanahan talked to The Verge, stating, "We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases."
"We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community."
Troy Hunt, the founder of Have I Been Pwned, has been following the initial report from BeeHive. Digging in further, he suggests the alleged shared data is already publicly accessible, well, at least most of it.
But this is all publicly accessible data so it *could* have been constructed without breach, let's look further...September 4, 2022
In another tweet, he also mentions some data matches production info that is publicly accessible, and some of it is reportedly junk. It implies it could be a mixed bag of data so far.
On the whole, the acclaimed hacking group has suspended its Twitter showcasing the alleged hack. The group has also been banned from a forum citing "lying about data breaches."
