TikTok hack: Have billions of user records been exposed?

(Image credit: ByteDance)

TikTok has denied claims that hackers have managed to steal more than two billion sensitive database records, including user data and platform source code.

Rumors of a breach originated with a post to an online hacking forum, in which a user called AgainstTheWest claimed to have exploited a TikTok server vulnerability to gain access to gigabytes of data.

However, TikTok says it has found “no evidence of a security breach” and that the records have been scraped from public sources. Analysis of the leaked files by cybersecurity experts appears to corroborate this version of the story.

TikTok scrutiny

Owned and operated by Chinese company ByteDance, TikTok has been under the spotlight since it rose to prominence in western markets back in 2019. Today, the short-form video platform commands more attention per user than Facebook and Instagram combined and the app has been downloaded more frequently than any other in each of the past five quarters.

In 2020, ex-US President Donald Trump moved to ban the platform, which he perceived as a threat to national security. Although the ban never came to pass, in an effort to allay privacy and security concerns, ByteDance agreed to move data related to US-based TikTok users to servers operated by Oracle.

The US software company is also in the process of auditing the platform’s recommendation algorithms, to ensure they are not being manipulated for political purposes by the Chinese Communist Party (CCP), which has traditionally exercised a significant level of control over corporations based in China.

> More than one billion TikTok users exposed to 'one-click account hijacking'

> Our list of the cloud best backup services on the market

> TikTok security chief steps down over Oracle database move

Irrespective of these safety mechanisms, rumors of a large-scale data breach will heighten the focus once again on the platform’s data management practices.

But TikTok claims the data published online was not exposed as a result of a weakness in its security posture, and nor does it relate to source code actively deployed in the platform’s backend.

“We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok Systems, networks, or databases,” said the firm, in a statement.

“We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community.”

Shield your accounts with the best password managers and best security keys available

Via The Independent, The Verge

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.