TikTok denies security breach after hackers claim to have records of over a billion users
TikTok has denied a security breach after posts on hacking forums claimed to have compromised the app's source code, as well as the account details of potentially billions of people. In a statement posted to Twitter, the company said it "found no evidence of a breach", following an investigation into the allegations. The company also told Bloomberg UK that the alleged source code released by the hackers "has no relation to the main TikTok source code".
Claims of a potential breach had circulated among the security community after a post on a hacking forum claimed to be in possession of a database with over two billion entries linked to TikTok accounts and WeChat. The hacking group claimed to have obtained the TikTok recordings from an unsecured cloud server.
The alleged hackers released a sample of the TikTok data but, as security researcher Troy Hunt pointed out, it contained data that was already publicly available and therefore "could have been constructed without a breach". Hunt, who runs the "haveibeenpwned" service, said the data was "rather inconclusive" overall.
I
This content is not available due to your privacy preferences. Update your settings here, then reload the page to see it.
Although TikTok has strongly denied a breach, the information in the database could have come from other means. As Bleeping Computer notes, this could be the result of a data broker or other third party mining publicly available data from the service.
The security breach allegations come just days after Microsoft researchers revealed they had found a "very serious vulnerability" in TikTok's Android app that put millions of accounts at risk. Microsoft said the vulnerability was patched less than a month after alerting TikTok to the issue in February 2022. TikTok has long faced questions about its security practices and user data shared with parent company ByteDance. The company said last month that Oracle would review its algorithms and content moderation systems to allay concerns.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you purchase something through one of these links, we may earn an affiliate commission.
TikTok has denied a security breach after posts on hacking forums claimed to have compromised the app's source code, as well as the account details of potentially billions of people. In a statement posted to Twitter, the company said it "found no evidence of a breach", following an investigation into the allegations. The company also told Bloomberg UK that the alleged source code released by the hackers "has no relation to the main TikTok source code".
Claims of a potential breach had circulated among the security community after a post on a hacking forum claimed to be in possession of a database with over two billion entries linked to TikTok accounts and WeChat. The hacking group claimed to have obtained the TikTok recordings from an unsecured cloud server.
The alleged hackers released a sample of the TikTok data but, as security researcher Troy Hunt pointed out, it contained data that was already publicly available and therefore "could have been constructed without a breach". Hunt, who runs the "haveibeenpwned" service, said the data was "rather inconclusive" overall.
I
This content is not available due to your privacy preferences. Update your settings here, then reload the page to see it.
Although TikTok has strongly denied a breach, the information in the database could have come from other means. As Bleeping Computer notes, this could be the result of a data broker or other third party mining publicly available data from the service.
The security breach allegations come just days after Microsoft researchers revealed they had found a "very serious vulnerability" in TikTok's Android app that put millions of accounts at risk. Microsoft said the vulnerability was patched less than a month after alerting TikTok to the issue in February 2022. TikTok has long faced questions about its security practices and user data shared with parent company ByteDance. The company said last month that Oracle would review its algorithms and content moderation systems to allay concerns.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you purchase something through one of these links, we may earn an affiliate commission.
What's Your Reaction?
![Three of ID's top PR executives quit ad firm Powerhouse [EXCLUSIVE]](https://variety.com/wp-content/uploads/2023/02/ID-PR-Logo.jpg?#){kind=logo}
