Reports emerged on September 3, 2022, that the insanely popular short video platform TikTok had been hacked by a hacking group and that 2 billion data records had surfaced on a forum. Was TikTok really hacked? Find out here, along with tips to protect your account.
The reports claimed that the hackers gained access to TikTok’s insecure cloud server and got access to data holding 2.05 billion records in a massive 790GB database.
TikTok reportedly stored all the internal backend source code on one Alibaba Cloud instance that got compromised. The incident occurred during the Labor Day weekend and the news has been spreading rapidly ever since.
TikTok Denies Claims that it got Hacked
The ByteDance-owned company, TikTok, has addressed the rumors and reports claiming it got hacked during the Labor Day weekend. “TikTok prioritizes the privacy and security of our users’ data,” the company told a cybersecurity news website.
“Our security team investigated these claims and found no evidence of a security breach. They determined that the code in question is completely unrelated to TikTok’s backend source code,” the statement adds.
Several cybersecurity experts and analysts have been assessing the situation and weighing in. Let’s take a look at what they said.
What do the Cybersecurity Experts say about TikTok’s Hacking News?
When news about TikTok being hacked spread on social media, several IT security analysts tweeted about the data breach. Many of them backed the claim that the platform’s security was breached through an internal server that gave hackers access to huge data records.
Threat intelligence researcher Bob Diachenko at Security Discovery stated that the breach is “real” and that his team has briefly analyzed the samples. He further revealed that the data likely originated from Hangzhou Julun Network Technology Co. Ltd rather than TikTok.
“Who would have thought that TikTok would decide to store all their internal backend source code on one Alibaba Cloud instance using a trashy password?” the hacking group named BlueHornet (aka AgainstTheWest) said in a tweet mocking TikTok.
TikTok users were left confused and worried about their accounts and personal details. However, it’s unknown what sort of data was affected and exactly where it came from.
Was TikTok really hacked?
Reports of the claimed TikTok hack emerged early on Saturday morning, September 3, 2022, on Breach Forums, a hacker and cybercrime-related forum known to serve as an alternative to the popular RaidForums.
A member of the forum using the handle “AgainstTheWest” posted screenshots of the WeChat and TikTok data breach and claimed that they hadn’t yet decided whether to leak all of the data or sell it.
The alleged hacker also shared links to two data samples and a video of one set of database samples. They also claimed to have stolen TikTok’s internal backend source code. However, TikTok has denied the reports and called them a hoax.
Data security researcher Troy Hunt said in a tweet, “This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info.” He added, “Some data is junk, but it could be non-production or test data. It’s a bit of a mixed bag so far.”
Tips to keep your TikTok account safe amidst data breach
It’s unknown whether TikTok was really hacked or whether it was merely a case of rumor-mongering. However, you shouldn’t take the situation lightly, as we don’t know whether the data will become accessible to third parties.
Recently, LastPass, one of the most popular password managers in the world, also got hacked. You should always take security measures to keep your TikTok account protected. The first thing you should do is change the password of your TikTok account.
Follow these steps to do that:
- Tap the Profile icon in the bottom right.
- Now tap the 3-line icon in the top right.
- Next, tap on Settings and Privacy.
- Next, tap Manage account > Password.
- Now follow the instructions to reset your password.
Make sure you set a strong password that isn’t easy to guess. You should also turn on two-factor authentication for your account.
The unfortunate development comes as the app has already faced scrutiny across several nations lately over data privacy concerns. We’ll keep you updated with further developments on the story.