TikTok denies that a hack recently took place in which user data and source code were stolen. The hacker claims to have downloaded more than two billion data points and 6.7TB of data from TikTok and WeChat. The forum he posted it on has banned him.
The hacker AgainstTheWest claims to have gained access to an Oracle server where data from TikTok and WeChat was stored. The two social media have different owners; it is not immediately clear why data from these two companies would have been bundled.
On a hacker forum, AgainstTheWest claimed to have stolen a 790GB system log and downloaded a total of 6.7TB of data. The hacker spoke of 2.05 billion ‘user data’, with it being unclear whether it was 2 billion users, or 2 billion data points from a smaller number of users.
TikTok denies against BleepingComputer, among others that his servers have been hacked. The data would have “nothing at all” to do with the social medium, according to TikTok’s security team. In addition, the user data could not have been scraped directly from the platform, because the medium says it has ‘adequate security measures’ for this.
Have I Been Pwned founder Troy Hunt writes on Twitter that at least some of the data is publicly available. This could have been scraped from TikTok, or it could have come from other sources. In addition, there is data that Hunt says is ‘clearly fake’. Hunt was therefore not immediately convinced, based on the data that AgainstTheWest released, that TikTok had been hacked.
AgainstTheWest has since been banned from the hacker forum where he announced last Saturday that he had hacked TikTok and WeChat. The forum says the breach does not belong to TikTok “and that he probably lied or didn’t even investigate before making his outrageous claims.” In addition, AgainstTheWest would have lied about breaches more often, claims the forum.
Some of the ‘hacked’ TikTok data, via Troy Hunt