SOCRadar® Cyber Intelligence Inc. | TikTok Denies Allegations of a 2.05 Billion Record Data Breach


Sep 06, 2022
3 Mins Read

TikTok Denies Allegations of a 2.05 Billion Record Data Breach

Popular social media platform TikTok rejected claims that it had been compromised by threat actors who claimed to have obtained access to an insecure cloud server

The denial comes in response to suspected hacking posts on the Breach Forums message board on September 3.

TikTok database screenshots on a hacker forum
TikTok database screenshots on a hacker forum

The hacker group, BlueHornet (also known as AgainstTheWest) tweeted over the weekend, “Who would have thought that TikTok would decide to store all their internal backend source code on one Alibaba Cloud instance using a trashy password?”. 

The threat actor claims that the server contains 2.05 billion records in a massive 790GB database. Yet, it’s unclear exactly where the data came from and whether third parties have access to this kind of data. 

Did the Breach Actually Happen? 

According to Security Discovery threat intelligence expert Bob Diachenko, the hack is real, and the data is most likely from Hangzhou Julun Network Technology Co., Ltd rather than TikTok. 

Troy Hunt started a thread on Twitter to discuss hacking claims and determine whether the hacking was true.

Source: Twitter

Microsoft published a blog post on 31 August regarding a high severity vulnerability in the TikTok Android app. It stated that the problem might put hundreds of millions of TikTok users in danger. The vulnerability could have given attackers access to users’ accounts with just one click. They did not find any indication of in-the-wild exploitation, and the vulnerability has been patched, which would have required a chain of connected flaws to attack. Security researchers thought the hackers could leverage this vulnerability to access the allegedly TikTok database.

AgainstTheWest is Banned 

AgainstTheWest‘s account on the forum, as well as their Twitter profile, has been banned. The threat actor is suspected to be “lying about data breaches.” The forum’s creator, pompompurin, claims that the banned hacker has a long history of fake breaches.

Source: Twitter

Clarification from TikTok 

The social media company reiterated that its security team had not found any indication of a security breach. According to a TikTok representative, the data samples are all publicly available and weren’t obtained through a hack of the company’s databases or networks. Furthermore, the samples contain data from outside sources unrelated to the platform.

“This is an incorrect claim — our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code, which has never been merged with WeChat data,” TikTok officials said. 

The database was probably crafted (by a third-party scraper) using publicly available information from the TikTok and WeChat services, both Chinese businesses. 

TikTok users do not need to take any action regarding these allegations.