TikTok users must change their passwords as soon as they can.
The world's most popular social media app has allegedly experienced a security breach that compromised the app's source code, possibly revealing the account details of billions of TikTok users.
The data breach follows a report from Microsoft revealing a vulnerability that can allow hackers and cybercriminals to compromise users' accounts and privacy.
TikTok Alleged Data Breach Details
The security community reportedly claimed that TikTok and its users are now vulnerable following a post on a hacking forum claiming to be in possession of a database with more than two billion entries related to TikTok and WeChat accounts, per Engadget.
Forbes mentioned that the first report of the breach appeared on the Breach Forums message board on Sept. 3, with a user going by the online handle "AgainstTheWest" posting screenshots of the database.
AgainstTheWest mentioned that he and the hacking groups he belongs to obtained TikTok's database, which is 790GB big and holds 2.05 billion records, from an insecure cloud server.
According to Bleeping Computer, the database holds more than just user data. It also contains platform statistics, software code, auth tokens, server info, and other important data.
They then mentioned in the post that the hacking group, as a whole, has yet to decide if they want to sell the data or release it to the public.
Read More: [RETRO GAMING] Do You Remember the PlayStation Game Tenchu: Stealth Assasins?
They then posted a link to two samples of the data they managed to obtain from the breach, along with a video of one set of database tables.
This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info. Some data is junk, but it could be non-production or test data. It's a bit of a mixed bag so far.
— Troy Hunt (@troyhunt) September 5, 2022
However, Troy Hunt, the owner of the website "Have I Been Pwned?", mentioned on Twitter that the sample data they posted was already accessible. As such, the data could have been constructed without the need for a breach.
Hunt also described the data the hackers published as "pretty inconclusive" overall, explaining that while some data match production info, despite being publicly available, some are junk.
Unfortunately, AgainstTheWest stated in their post that they also have stolen "internal backend source code."
For those unaware, a backend source code is part of a company's backend system, which is a structure or setup that runs and supports corporate back-office applications, such as Inventory Control, Accounting, and Information Technology, per Techslang and Techopedia.
TikTok's Response
TikTok prioritizes the privacy and security of our users’ data. Our security team investigated these claims and found no evidence of a security breach. https://t.co/TdCZDUFLPN
— TikTokComms (@TikTokComms) September 5, 2022
TikTok has officially denied the breach, saying that the source code allegedly posted by the hackers is "unrelated to TikTok's backend source code."
A TikTok spokesperson posted a statement on Twitter that its security team investigated AgainstTheWest's claims of a data breach but has found no evidence of one. It also assured people that it prioritizes the privacy and security of its users' data.
Even so, security experts like ESET global cybersecurity advisor Jake Moore strongly advise TikTok users to change their passwords and ensure they have enabled two-factor authentication to protect them from hacking attempts.
He added that although the alleged breach highlights the fact that TikTok also attracts criminal hackers that can prove to be relentless in looking for any vulnerability they can exploit.
Related Article: Microsoft Reports TikTok Android App Flaw That Lets Hackers Take Over Accounts
