Hackers Stole 20.5 Million Data
While a popular hacking forum brags about hacking Tiktok, the media entity itself has shot down all accusations of a breach, stating that the said hacking was completely unrelated to the company, despite mounting claims that source code and user data had been taken.
Last Friday, infamous hacker group ‘AgainstTheWest’ claimed to have breached Tiktok and WeChat, with the user posting screenshots of what they claim is a database of the companies’ information. The breached information was accessed on an Alibaba cloud platform, and included scores of information on both TikTok and WeChat users.
According to the hackers, the private server that was breached comprises of over 2.05 billion records in its enormous 790GB database. Everything from platform statistics, program code, authentication tokens, and user data, among other things, were included in the breach.
Ardent Western World Defenders
However, don’t be misled by the name “AgainstTheWest”. The hackers assert that they only target nations, businesses, and other entities that are hostile to Western interests. Currently, they are locked in cyber warfare with the likes of Russia and China, with plans to target countries Iran, Belarus, and North Korea in the near future, according to cybersecurity researcher, “CyberKnow”.
In response to all this, TikTok further denies that the claims of being hacked are false. Furthermore, the company stated that the source code shared on hacking forums does not form part of its platform. And WeChat has remained silent throughout the whole ordeal. WeChat and TikTok are both Chinese businesses, but they are not owned by the same parent company; WeChat is owned by Tencent, while TikTok is owned by ByteDance. Thus, the fact that they were both found in the same database suggests that there was not a direct breach on each platform.
Breached Data Source
The most likely scenario was that a data broker from a third party collected open data from both services and saved it to an unprotected database. As the two companies are often the subject of privacy investigations by national services, the discovery of such a rich heist containing both companies’ private data raises concerns.
As of now, the founder of HaveIBeenPwned, Troy Hunt, acknowledged that some of the information was accurate in a Twitter thread. However, the company was unable to find anything in TikTok that was not publicly available, demonstrating an internal system breach.