TikTok hack reportedly exposed user data, but company denies

What you need to know

  • ByteDance-owned TikTok reportedly suffered a breach exposing its source code and user data.
  • The claim comes from a hacking group; however, TikTok denies it.
  • TikTok's spokesperson further denies the claim, saying the exposed data is publicly available.

Over the weekend, TikTok suffered a new data breach, according to the BeeHive Cyber security group. The security team added that it was carried out by a hacking group called AgainstTheWest (@AggressiveCurl). That Twitter handle is suspended at the time of this writing.

The BeeHive team urged TikTok users to change their current passwords and enable two-factor authentication. TikTok quickly responded, saying the breach claim was incorrect (via Bloomberg).

"Our security team investigated this statement and determined that the code in question is completely unrelated to TikTok's backend source code," a spokesperson said to Bloomberg.

According to another report from Bleeping Computer, the AgainstTheWest group alleged that they have breached social media platforms such as TikTok and WeChat. The group uploaded screenshots of an alleged database belonging to the firms, which they claim was accessed on an Alibaba cloud service.

The group further claims the server holds 2.05 billion records and over 790 GB of user data, source code, statistics, authentication tokens, and more.

TikTok also told Bleeping Computer that the claimed hack is incorrect. The ByteDance-owned company further insisted that the source code shared by the hacking group isn't part of its platform.

"This is an incorrect claim — our security team investigated this statement and determined that the code in question is completely unrelated to TikTok's backend source code, which has never been merged with WeChat data," TikTok stated to Bleeping Computer.

TikTok spokesperson Maureen Shanahan talked to The Verge, stating, "We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases."

"We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community."

Troy Hunt, the founder of Have I Been Pwned, has been following the initial report from BeeHive. Digging in further, he suggests that the allegedly shared data, or at least most of it, is already publicly accessible.

In another tweet, he also mentions that some of the data matches production info that is publicly accessible, and some of it is reportedly junk. This implies the data could be a mixed bag so far.

On the whole, the hacking group's Twitter account showcasing the alleged hack is now suspended. The group has also been banned from a forum, which cited "lying about data breaches."

Vishnu Sarangapurkar
News Writer