2.05 billion pieces of data leaked? TikTok denies being hacked

TikTok recently denied that it was hacked and that source code and user data were stolen.

Last Friday, a hacker group called “AgainstTheWest” posted on a hacker forum claiming to have hacked TikTok and WeChat. The group released a screenshot of a database that it said contained TikTok and WeChat user data and had been accessed on an Alibaba Cloud instance.

The hacker group said the server held 2.05 billion records in a massive 790GB database containing user data, platform statistics, software code, cookies, authentication tokens, server information, and more.

Although the hacker group’s name is “AgainstTheWest” (hereinafter referred to as ATW), the group claims to only target countries and companies hostile to Western interests.

CyberKnow, a cybersecurity researcher, explained: “Don’t let the name confuse you, ATW targets countries they consider to be a threat to Western society, currently they are targeting China and Russia, and plan to target North Korea, Belarus and Iran in the future.”

TikTok denies being hacked

TikTok said that claims the company was hacked were false. Additionally, the company said the source code shared on hacker forums is not part of its platform.

“This is a false claim – our security team investigated this claim and determined that the code in question has absolutely nothing to do with TikTok’s backend source code, which was never merged with WeChat data.” – TikTok.

TikTok also noted that the leaked user data could not have been caused by scraping its platform directly, as they have adequate security protections in place to prevent automated scripts from collecting user information.

We have also contacted WeChat, but have not received a response as of press time.

Although WeChat and TikTok are both Chinese companies, they do not belong to the same parent company: the former belongs to Tencent and the latter to ByteDance. Therefore, seeing data from both businesses in a single database indicates that the database does not belong to either company.

Most likely, this unprotected database was created by a third-party data scraper or proxy, scraping common data from both services and saving it into a single database. However, considering the strict privacy protection regulations, the authenticity of such a large-scale cloud exposure of private data is questionable.

HaveIBeenPwned founder Troy Hunt tweeted, confirming that some of the data (source code) is valid. But Hunt said that all the leaked code is publicly accessible and is most likely non-production or test code, and that there is currently no evidence that TikTok has internal system vulnerabilities.

Additionally, “database hunter” Bob Diachenko tweeted that the leaked user data had been verified to be authentic, but could not provide any specific conclusions about the origin of the data.

Although Douyin did not acknowledge the cyber attack, judging from the development of the entire incident, data protection is still very important to major companies. Enterprises should take this event as a warning to properly operate and maintain the data within the company. Commonly used data protection methods are available, such as RHV backup, VMware backup, XenServer backup and so on.
