The security of Chinese-owned TikTok has been in the headlines over the past few days, amid reports that hackers had obtained the data of approximately 2 billion TikTok users.
Last Friday, a group known as ‘AgainstTheWest’ claimed in a thread on a hacking forum to have breached both TikTok and WeChat.
The user shared screenshots of an alleged database belonging to the companies, which they claim was accessed on an Alibaba cloud instance containing data for both TikTok and WeChat users.
Security researcher Troy Hunt, creator of the @haveibeenpwned service, has been tracking this development, in which the hackers claimed to have a TikTok database that contained the platform’s source code, as well as user information of around 2 billion TikTok users.
The alleged hacker said that they were ‘yet to decide’ if they wanted to sell the stolen data or release it to the public.
A link to two samples of the data was published, along with a video of one set of database tables allegedly containing user records.
At the weekend, a TikTok spokesperson told Forbes that no evidence of a security breach had been found.
“TikTok prioritises the privacy and security of our users’ data. Our security team investigated these claims and found no evidence of a security breach,” the spokesperson told Forbes.
Troy Hunt posted a lengthy thread to Twitter in an attempt to verify if the sample data was genuine or not.
His conclusion was that the evidence was “so far pretty inconclusive.”
Then on Monday Troy Hunt reported that the thread on the hacking forum with the samples of alleged TikTok data had been deleted and the user banned for “lying about data breaches”.
Some security experts noted that TikTok, owned by Beijing-based ByteDance, continues to attract criminal interest due to its huge size.
“There has long been much scrutiny over the way TikTok handles its own security and the way it looks after the privacy of its users, which naturally attracts attention from criminal groups as well as nation-state actors,” noted Jake Moore, global cyber security advisor at ESET.
“Users must make sure they have security alerts activated within the app and two-factor authentication turned on, as well as ensuring that their password used on the account is unique to any other account,” said Moore.