TikTok Denies Cyber Attack: Did It Really Happen?

 


Author: Dušan Trojanović / Last Updated: 9/24/2022

Reviewed By: Dalibor Gašić & Michael Swanagan, CISSP, CISA, CISM


Summary Of The Attack

 

  • Popular short-form social video platform TikTok denied reports that it had been compromised by a hacking group that claimed to have gained access to an insecure cloud server.
  • A hacker organization called “AgainstTheWest” posted a discussion on a forum claiming that this server contains 2.05 billion records in a vast 790GB database containing user data, platform statistics, software code, cookies, auth tokens, server info, and more.
  • Microsoft Corporation revealed on August 31 that it had discovered a high-severity vulnerability in TikTok’s Android application that could have been used by attackers to quickly compromise user accounts.
  • Users of the TikTok video platform are advised to update their passwords and enable two-factor authentication.


What Happened?

 

Popular short-form social video platform TikTok denied reports that it had been compromised by the hacking group AgainstTheWest, which claimed to have gained access to an insecure cloud server. TikTok also said that the source code posted on hacking forums isn’t part of its platform.

What Was The Impact?

 

The denial comes in response to suspected hacking reports that appeared on the breach forums message board on the 3rd of September. The threat actor claimed that the server holds 2.05 billion records in a massive 790GB database.

 

TikTok also mentioned that the leaked user data could not result from a direct scraping of its platform, as they have adequate security safeguards to prevent automated scripts from collecting user information.

How This Attack Happened

 

On the 3rd of September, a hacking group known as “AgainstTheWest” created a topic on a hacking forum claiming to have breached both TikTok and WeChat.

 

The user shared images of what they claim to be screenshots of a database used by the companies, accessed on an Alibaba cloud instance, containing data for both TikTok and WeChat users.

 

The threat actor claims that this server contains 2.05 billion records in a vast 790GB database containing user data, platform statistics, software code, cookies, auth tokens, server info, and many more.

 


WeChat and TikTok are both Chinese companies; however, they are not owned by the same parent company.

 

WeChat is owned by Tencent, while TikTok is owned by ByteDance. Thus, the fact that they were both found in the same database suggests that there was not a direct breach on each platform.

 

Most likely, the unprotected database came from a third-party data scraper or broker who scraped publicly available data from both services and exported it into a single database.

 

Additionally, some security researchers verified the authenticity of the user data that was exposed, but they were unable to draw any firm conclusions regarding the data’s origin.

 


Personnel from TikTok confirmed that the data samples described are all publicly available and are not the result of any breach of TikTok systems, networks, or databases.


Microsoft Reveals Vulnerability

 

Microsoft revealed on August 31 that it had discovered a high-severity vulnerability in TikTok’s Android application that could have been used by attackers to quickly compromise user accounts.

 

The vulnerability discovered by Microsoft is a more specific problem that may have affected Android-powered mobile devices and placed millions of accounts at risk.
In February 2022, Microsoft informed TikTok of the issue, and less than a month later, the vulnerability was addressed.

 

TikTok’s Android app is available in two flavors: com.ss.android.ugc.trill for East and Southeast Asia, and com.zhiliaoapp.musically for the rest of the world.

 

Microsoft conducted a vulnerability study on the TikTok Android app and found that the issues were affecting both versions of the app, which have over 1.5 billion installations through the Google Play Store.

 

As part of Microsoft’s responsible disclosure policy, a Microsoft security researcher informed TikTok of the flaws in February 2022 through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR).


Was TikTok Breached?

 

Even though TikTok has strongly denied a breach, the data in the database may have originated from other sources. If further analysis reveals that the data is legitimate, TikTok will be required to take action to mitigate the leak’s effects even if its own systems were not penetrated.

 

How Can You Protect Yourself?

 

Users of the TikTok video platform are advised to update their passwords and enable two-factor authentication.

 


Dušan Trojanović

Dušan is a Senior Security Engineer actively working as a penetration tester in DevSecOps projects. He is also an avid security researcher bringing forward analysis on the latest attacks and techniques.
