Hacking Forum Thread Alleging TikTok Breach Has Been Deleted

The security of Chinese-owned TikTok has been in the headlines over the past few days, amid reports that hackers had obtained the data of approximately 2 billion TikTok users.

Last Friday, a group known as ‘AgainstTheWest’ claimed in a thread on a hacking forum, to have breached both TikTok and WeChat.

The user shared screenshots of an alleged database belonging to the companies, which they claim was accessed on an Alibaba cloud instance containing data for both TikTok and WeChat users.

TikTok denial

Security researcher Troy Hunt, creator of the @haveibeenpwned service, has been tracking this development, in which the hackers claimed to have a TikTok database that contained the platform’s source code, as user information of around 2 billion TikTok users.

The alleged hacker said that they were ‘yet to decide’ if they wanted to sell the stolen data or release it to the public.

A link to two samples of the data was published, along with a video of one set of database tables allegedly containing user records.

At the weekend a TikTok spokesperson told Forbes that no evidence of a security breach has been found.

“TikTok prioritises the privacy and security of our users’ data. Our security team investigated these claims and found no evidence of a security breach,” the spokesperson told Forbes.

Troy Hunt posted a lengthy thread to Twitter in an attempt to verify if the sample data was genuine or not.

His conclusion was the evidence was “so far pretty inconclusive.”

Deleted thread

Then on Monday Troy Hunt reported that the thread on the hacking forum with the samples of alleged TikTok data had been deleted and the user banned for “lying about data breaches”.


Some security experts noted that TikTok, owned by Beijing-based ByteDance, continues attract criminal interest due to huge size.

“There has long been much scrutiny over the way TikTok handles its own security and the way it looks after the privacy of its users, which naturally attracts attention from criminal groups as well as nation-state actors,” noted Jake Moore, global cyber security advisor at ESET.

Jake Moore, ESET

“Users must make sure they have security alerts activated within the app and two-factor authentication turned on, as well as ensuring that their password used on the account is unique to any other account,” said Moore.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago