Hackers stole 790GB of personal information and source code from TikTok, TikTok denies data breach
A hacker stole a large amount of data from TikTok and released a screenshot of it online. While TikTok denies information leakage, saying there is no evidence of a data breach, security researchers say at least some of the data is genuine.
TikTok denies security breach after hackers leak user data, source code
According to the IT news site Bleeping Computer, on September 3, 2022, a hacker called ``AgainstTheWest'' claimed to have invaded TikTok and WeChat on an online forum.
AgainstTheWest has released screenshots of data it claims to have been stolen from TikTok and WeChat via the Alibaba cloud. The data amounts to 790GB, which is said to contain 2.05 billion records including user data, platform statistics, software code, cookies, authentication tokens, server information, etc.
It looks like a hacker targeting Western countries because it calls itself ``AgainstTheWest'', but ByteDance, which operates TikTok, is a Chinese company, and WeChat is also an application from China.
Cybersecurity researcher CyberKnow said of AgainstTheWest, ``Don't let the name fool you. AgainstTheWest targets countries it perceives as a threat to Western society. , Belarus and Iran,' he said .
While AgainstTheWest claims the data was stolen, TikTok denied any data breach and said the source code exposed on the hacker forums was not TikTok's either.
According to TikTok, the company has security safeguards in place to prevent automated scripts from collecting user data, so the leaked data was not collected directly from TikTok's platform.
In addition, BleepingComputer said, ``Given that TikTok belongs to ByteDance and WeChat belongs to Tencent, and the parent companies are different, the fact that the data of both companies was stolen from a single database does not mean that it was directly leaked from each platform. It shows no,' he said. Since both TikTok and WeChat are services that tend to attract attention due to privacy issues, it is believed that the database in question may have been scraped from open data from both services by a third party and compiled into one. showed.
On the other hand, Troy Hunt, a security researcher behind Have I Been Pwned?, a password leak checking site, has confirmed that some of the data is genuine. However, since it's open data rather than confidential data, I'm guessing it's test data or non-production data.
This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info. Some data is junk, but it could be non-production or test data. It's a bit of a mixed bag so far.
— Troy Hunt (@troyhunt) September 5, 2022
In addition, security consultant Bob Diachenko concluded that ``the data breach from TikTok is real,'' and that the data was not stolen directly from TikTok, but was leaked from another company called Hangzhou Julun Network Technology. I said no. He also asks, 'But why so much data?'
Data is likely to come from Hangzhou Julun Network Technology Co., Ltd rather than TikTok. Still, the question is, why is there so much data? pic.twitter.com/zYbE7JC7mt
— Bob Diachenko ???????? (@MayhemDayOne) September 5, 2022
BleepingComputer asked TikTok for additional comments after pointing out that even if it was not stolen directly from TikTok, if the data is genuine, the impact of the outflow is unavoidable. have not been obtained.
Related Posts:
in Web Service, Security, Posted by log1l_ks