Common short-form social video service TikTok denied reviews that it was breached by a hacking group, after it claimed to have gained entry to an insecure cloud server.
“TikTok prioritizes the privateness and safety of our customers’ knowledge,” the ByteDance-owned firm instructed The Hacker Information. “Our safety staff investigated these claims and located no proof of a safety breach.”
The denial follows alleged reviews of a hack that surfaced on the Breach Boards message board on September 3, with the menace actor noting that the server holds 2.05 billion data in a humongous 790GB database.
“Who would have thought that TikTok would determine to retailer all their inner backend supply code on one Alibaba Cloud occasion utilizing a trashy password?,” the hacking group often called BlueHornet (aka AgainstTheWest) tweeted over the weekend.
Bob Diachenko, menace intelligence researcher at Safety Discovery, mentioned the breach is “actual” and that the info is more likely to have originated from “Hangzhou Julun Community Expertise Co., Ltd moderately than TikTok.”
That mentioned, it is from clear in the intervening time the place precisely the info has come from and whether or not third-parties have entry to this sort of data.
“That is up to now fairly inconclusive; some knowledge matches manufacturing information, albeit publicly accessible information,” safety researcher Troy Hunt mentioned in a tweet. “Some knowledge is junk, but it surely might be non-production or check knowledge. It is a bit of a combined bag up to now.”
The event comes at an inopportune time, as the corporate continues to face mounting scrutiny for its knowledge safety practices owing to its hyperlinks to China.
Replace: In a follow-up assertion shared with The Hacker Information, the social media firm reiterated its safety staff discovered no proof of a safety breach.
“Now we have confirmed that the info samples in query are all publicly accessible and will not be as a result of any compromise of TikTok methods, networks, or databases,” a TikTok spokesperson mentioned.
“The samples additionally seem to include knowledge from a number of third-party sources not affiliated with TikTok. We don’t consider customers must take any proactive actions, and we stay dedicated to the security and safety of our international neighborhood.”
Moreover, the Twitter account of AgainstTheWest has since been suspended and allegations of the break-in have since been modified on Breach Boards to say that “the breach shouldn’t be from TikTok, and that he more than likely was mendacity or did not even examine it earlier than making such outrageous claims.”
“AgainstTheWest has had a protracted historical past of mendacity about breaches or different issues (saying he is a state-sponsored hacking group… LOL) and this was simply the tipping level,” pompompurin, the actor who launched Breach Boards earlier this March, mentioned.
