On Friday, a hacking group known as “AgainstTheWest” created a topic on a popular hacking forum claiming to have breached both TikTok and WeChat. The hacker posted screenshots showing databases that were accessed on the Alibaba cloud instance containing data for both TikTok and WeChat users.
A spokesperson for TikTok denied that the hack had occurred, and that the leaked source code isn’t part of its platform.
The statement was provided to BleepingComputer is as follows:
"This is an incorrect claim — our security team investigated this statement and determined that the code in question is completely unrelated to TikTok's backend source code, which has never been merged with WeChat data." - TikTok.
The story has some holes; WeChat and TikTok are both Chinese firms, but are owned by two different parent companies. WeChat is owned by Tencent, and TikTok by ByteDance. Seeing data in a single database would indicate that this was not a direct breach on each platform, as concluded by BleepingComputer.
The blog surmises that the data appears to be public data most likely scraped by a third-party tool, and then saved into a single database.
Cybersecurity expert and founder of HaveIBeenPwned Troy Hunt believes the data is valid, albeit nothing that is not publicly available in TikTok.
It will likely take some additional time to verify if the user data is real, part of a production system, and additional forensic details. If the breach is indeed legitimate, TikTok will likely have to follow-up with a more detailed explanation and statement.
Discover more from Cybersecurity Careers Blog
Subscribe to get the latest posts sent to your email.