Has TikTok U.S. Been Hacked And 2 Billion Database Records Stolen?
Davey Winder, Senior Contributor. Co-founder, Straight Talking Cyber. Opinions expressed by Forbes Contributors are their own.
Sep 5, 2022, 03:05am EDT
Earlier this month, I reported how security researchers had uncovered a serious TikTok vulnerability that could have exposed users to a 1-click account takeover exploit. That issue, impacting Android app users, has long since been patched by TikTok.
However, just as TikTok users breathe a sigh of relief, reports that TikTok U.S. has been hacked have started circulating, first on an online data breach marketplace forum and then on Twitter over the holiday weekend.
The TikTok hack allegations
The first reports of an alleged hack appeared on the Breach Forums message board September 3. A user with the handle of AgainstTheWest posted what was claimed to be screenshots from a TikTok and WeChat breach. In that posting, the user said, referring to the alleged stolen data, that they had “yet to decide if we want to sell it or release it to the public.” A link to two samples of the data was published, along with a video of one set of database tables. The poster further claims to have extracted 2 billion records from the database. In a September 3 Twitter posting, the user BlueHornet|AgainstTheWest also claims to have stolen “internal backend source code.”
Is the ‘compromised’ TikTok data genuine?
Troy Hunt, of data breach information site haveibeenpwned, posted a lengthy thread to Twitter in an attempt to verify if the sample data is genuine or not. His conclusion after much analysis is that the evidence is “so far pretty inconclusive.” Hunt goes on to say that there is some data that matches production info, but this is also publicly available anyway. He also found some ‘junk’ data but concedes this could be non-production or test data.
In a Hacker News forum thread, it has been suggested that the data looks like it came not from TikTok itself but rather from a third party that integrates with TikTok for marketing or e-commerce purposes.
Has TikTok been hacked?
So, the question remains as to whether TikTok itself has been breached or not.
The answer is, at this early stage of the story, that we simply don’t know for sure. I have reached out to TikTok for more information and will update this article just as soon as I have a statement. In the meantime, I’m inclined to lean towards the third-party breach and possibly some additional data-scraping explanation.
Although from the samples I have looked at, there is no evidence of TikTok account passwords being compromised, I would still advise that TikTok users change their passwords and ensure they have two-factor authentication (2FA) activated as an extra layer of protection.
Update: Although I have yet to hear from TikTok, a Bloomberg U.K. article has the following statement from a TikTok spokesperson: “Our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code.” I will continue updating here if I hear anything further beyond the source code question.
From: forbes
URL: https://www.forbes.com/sites/daveywinder/2022/09/05/has-tiktok-us-been-hacked-and-2-billion-database-records-stolen/