A development about TikTok being a data breach target has emerged after the social media giant denied the allegations in a recent report. According to their statement on the issue, the leaked data on underground forums, including source code and user information, were completely unrelated to their company.
Furthermore, TikTok added that the recent claims are incorrect, specifically that their source code has never synced with WeChat data. WeChat has been involved in the issue since the threat group that claimed the attack also stated to have stolen the platform’s data alongside TikTok.
This prolific threat group, dubbed ‘AgainstTheWest,’ has shared screenshots to prove they are holding the affected firms’ databases. The leaked data had allegedly been collected from a single Alibaba Cloud instance that carried both firms’ source code and user information, summing to over 790GB.
The TikTok and WeChat data breach allegedly included 2.5B records collectively containing user data, software source code, cookies, platform stats, server info, and auth tokens, among others.
TikTok clarified in their statement that a data breach could not have transpired against their platform, especially with the adequate security defences they have applied to prevent automated scripts and unauthorised entities from harvesting critical user data.
Security experts are looking at a possible angle that involves a third-party data scraper that has collected public data from the affected services and compiled it into the compromised Alibaba Cloud instance.
However, several security researchers have attempted to validate the leaked database from ‘AgainstTheWest.’ In their investigations, they have found that some of the data are valid, although none of them was publicly available, hence negating that a data scraper has collected them from public data sources.
Some other researchers have also failed to locate the main source of the leaked data. These findings underline that a breach of TikTok’s internal systems is still likely.
TikTok has not provided further comments on the issue, while WeChat has yet to give any.
Given the possible compromise between the two social media giants, users must promptly secure their accounts by strengthening their passwords and activating multi-factor authentication.
