TikTok suspected of exposing billions of data records

Hackers claim to have collected billions of records of TikTok user data, while the platform claims to have not leaked information.

On September 3, on a forum specializing in buying and selling data of hackers, the account AgainstTheWest announced that it owns a large amount of data collected from two Chinese-origin social networking services, TikTok and WeChat . . Two days later, this hacker claimed to have a database of 790 GB with 2.05 billion records, including user data, source code, cookies, authentication code and server information.

AgainstTheWest claims to collect large amounts of data from TikTok and WeChat.

WeChat has not yet commented, while TikTok insists these information is untrue. "Our security team investigated and determined the code snippets in question were unrelated to the TikTok source code and they were never merged with WeChat," a platform representative told Bleeping Computer today. 5/9.

The world's largest short video service also asserts that user data cannot be leaked directly from its platform, because it is equipped with a tool to prevent scripts from automatically collecting user information.

In response to The Verge , Maureen Shanahan, a spokesperson for TikTok, also said that "the data samples in question are all publicly accessible, and do not come from a breach of the system".

In the article, the hacker shared a small sample of the collected data. Several security researchers have checked and confirmed there is a match between the leaked information and the information on the platform. However, it is not possible to confirm the leaked data from TikTok or WeChat.

"The leak is real. We are still in the process of verifying the origin of the data. Most likely from a third party," Bob Diachenko, a "data hunter", stated on his personal Twitter .

According to Bleeping Computer , WeChat and TikTok are both Chinese companies, but owned by two different companies, Tencent and ByteDance. Therefore, the appearance of information for both services in a single database indicates that this is not a direct attack on these two services. "It is very likely that the above database was collected from a third party or through an intermediary that aggregated the data of the platforms," ​​the site assessed.

The above information comes not long after Microsoft publicly disclosed a critical vulnerability in the TikTok app on Android, leading many to believe that the leak could be real. In fact, the vulnerability was discovered in February and was reported to TikTok to fix then.

According to Bloomberg , while the data leak allegations are still unclear at the moment, they could increase concerns about TikTok, as the US is stepping up measures to "dump" Chinese technology . The US has repeatedly put TikTok in the spotlight for the reason that it poses a threat to national security. Some congressmen suggested that ByteDance's short video sharing network should be blocked for collecting data on US users and sending it back to the Chinese government.