Advertisement
Tech

The claim of a big TikTok ‘hack’ may just be internet bluster

‘The code in question is completely unrelated to TikTok’s backend source code.’

Photo of Mikael Thalen

Mikael Thalen

man carrying large phone with TikTok logo

TikTok denied claims that it was breached after hackers published data last week they alleged was stolen from the company.

Featured Video

A hacking group known as “AgainstTheWest” claimed on Friday in a post on a hacking forum that it had pilfered internal data from TikTok as well as the instant messaging platform WeChat.

The post included screenshots of a database that allegedly contained source code as well as user data. The hackers further claimed that the database was found on an Alibaba cloud server that was leaking more than 2 billion files.

“Just here to post the vast array of images and screenshots from the 2022 TikTok and WeChat databreach,” the hackers wrote. “It literally just happened.”

Advertisement

Numerous security researchers, however, immediately began questioning the veracity of the claim.

Troy Hunt, creator of the data breach notification service “Have I Been Pwned,” noted that much of the data he examined in the alleged breach had already been public.

“This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info,” he said. “Some data is junk, but it could be non-production or test data. It’s a bit of a mixed bag so far.”

In a statement shortly after, TikTok revealed that upon investigation it determined that the data was not internal source code as claimed.

Advertisement

“This is an incorrect claim—our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code, which has never been merged with WeChat data,” the company said.

The owner of the hacking forum where the data was shared later claimed that AgainstTheWest quietly deleted the post in response to criticism. The owner also revealed in a statement on the forum that he banned the group for “lying” about the data breach.

In a follow-up statement this week, TikTok said that it “confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks or databases.”

The company believes that the data could have instead originated from “one or more third-party sources not affiliated with TikTok.”

Advertisement

 
The Daily Dot