TikTok hacked, over 2 billion user database records stolen: security researchers

Cybersecurity researchers discovered a potential data breach in China’s short-form video app TikTok on Monday, allegedly involving up to 2 billion user database records.

Several cybersecurity analysts tweeted about the discovery of what was “a breach of an insecure server that allowed access to TikTok storage, which they believe contained users’ personal data.”

“This is your warning. #TikTok has reportedly suffered a #data breach, and if true, there may be fallout in the coming days. We recommend that you change your TikTok #password and activate the two-factor authentication, if you haven’t already,” BeeHive CyberSecurity tweeted.

“We have reviewed a sample of the extracted data. To our email subscribers and private customers, we have already sent warning communications,” the firm added.

Troy Hunt, creator of data breach reporting site haveibeenpwned, posted a Twitter thread to check whether the sample data is genuine or not. For him, the evidence is “at the moment rather inconclusive”.

BlueHornet | AgainstTheWest has posted full details on the hacked forums.

“Who would have thought that @TikTok would decide to store all their internal source code on an Alibaba Cloud instance using a rotten password?” they tweeted, explaining how easily they could download the data.

A TikTok spokesperson was quoted in news reports as saying that the company's security team “investigated this statement and determined that the code in question had no relation to TikTok’s main source code.”

The Microsoft 365 Defender research team has just discovered a vulnerability in the TikTok app for Android that can allow hackers to take control of private, short videos of millions of users after they click on a malicious link.

Microsoft discovered a high-severity vulnerability in the TikTok Android app that could have allowed attackers to compromise user accounts with a single click.

The vulnerability, which would have required a chain of several issues to be exploited, has now been patched by the Chinese company.

“Attackers could have exploited the vulnerability to hijack an account without users’ knowledge if a targeted user had simply clicked on a specially crafted link,” the tech giant said in a statement last week.



(Only the title and image of this report may have been edited by Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
