Last Friday, a group of hackers indicated on a forum dedicated to piracy that they managed to bypass the security system of the social platform TikTok. This would have allowed him to steal the source code of the application as well as data belonging to users.
To back up their claims, the hackers accompanied their message with screenshots showing the alleged databases on TikTok. The information came to light hours after Microsoft’s 365 Defender researchers reported finding a high-severity vulnerability in TikTok’s Android app. The platform belonging to ByteDance therefore returned on Monday to the words of the group of hackers after it was relayed by the Bleeping Computer site. TikTok said it found no evidence of any data breach in its system.
TikTok reassures its users about data leak allegations
According to information reported by Bleeping Computer, the hacker group calling itself “AgainstTheWest” has shared images of the alleged database stolen from TikTok on the forum. They added that the server they managed to hack contained more than 2 billion records and 790 GB of data. This astronomical amount of information would contain, according to them, data on users, the source code of the application, information on the server, cookies and authentication tokens.
Through the voice of its spokesperson Maureen Shanahan, TikTok has formally denied these allegations. In a statement to The Verge, Shanahan said:
“We have confirmed that the data samples in question are all publicly available and are not due to a compromise of TikTok’s systems, networks or databases… We do not believe that users should take any proactive measures, and we let us remain committed to the safety and security of our global community.”
It would therefore seem that contrary to what the hackers think, the data they have collected is only information of a public nature. Which is nothing like data theft as they claim.
A computer security expert of the same opinion as TikTok
Contacted by The Verge to give his opinion on the case, Troy Hunt who is one of the regional directors of Microsoft went in the same direction as TikTok. He called the data collected by the hackers inconclusive. He then added that it could well be non-production or test data that was not obtained by breach.
The creator of the Have I Been Pwned tool also gave his opinion on alleged data obtained by the same group from the Chinese messaging app WeChat. He could not determine if it was indeed stolen information. Although WeChat has not commented on its level, it is very likely that here too the hackers AgainstTheWest simply collected information that is in the public domain.
Source: The Verge