Hacker reveals they have stolen data from more than one billion TikTok users
Internet attackers have allegedly breached the digital walls of TikTok to steal the personal data and information of more than one billion users, many of whom they claim are underage.
Reports of the monster data breach first cropped on a popular hacking forum in recent days with hackers claiming to have found and exploited a weak and insecure server that contained a wealth of personal information on TikTok users.
Hacking collective cybersecurity group AgainstTheWest claimed on the Breach Forums message board to reveal they have around 34GB of TikTok data currently in their possession.
With the preface that all this is "alleged" at this time, there's a post on a popular hacking forum from 12 hours ago making some pretty major claims: pic.twitter.com/M9oLXhT4Vd
— Troy Hunt (@troyhunt) September 4, 2022
"We have to decide if we want to sell it or release it to the public," they wrote on the forum.
"About 1.37 billion entries have been pulled... The entries are from all over the world... This data contains a lot of underage people."
Advert
Independent cyber security research and enforcement team BeeHive CyberSecurity confirmed the breach, revealing that they 'reviewed a sample of the extracted data' and have urged users to change their passwords and to turn on two-factor authentication.
Data security researcher Troy Hunt also analysed a 237MB sample of the files listed on the hacking forum, did his own research on the samples listed on the hacking forum.
He called the sample data shared as proof by the hacking group as a 'mixed bag'.
"Some data is junk, but it could be non-production or test data. It’s a bit of a mixed bag so far."
He added that what he had investigated was 'inconclusive', however the hackers did only reveal a small amount of data they allegedly hacked from the China-based video sharing app.
TikTok have so far denied the hacking claims.
A TikTok spokesperson told Forbes: "Our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code."
The claims coincided with a security alert from Microsoft warning of a 'high-security vulnerability' in TikTok’s Android app, which could have allowed attackers to “compromise users’ accounts with a single click.”
The alleged data breach comes shortly after a push by US legislators to ban TikTok to be banned on Apple and Android phones in the US over fears China is 'accessing user data'.
Federal Communications Commission (FCC) Commissioner Brendan Carr has urged tech companies to remove TikTok from US app stores.
"TikTok is not just another video app. That’s the sheep’s clothing," he said.
The app is already banned by both the US Army and the US Navy due to security concerns.
Topics: Social Media, Technology, TikTok, World News, Hacks
Rachel Lang