TikTok Data Breach Exposing 2B Records And Source Code May Not Have Happened After All
Last week, Microsoft revealed a vulnerability in the TikTok Android app that threat actors potentially could have exploited to hijack TikTok user accounts with a single click. Fortunately, TikTok patched the vulnerability earlier this year before its disclosure. However, shortly after Microsoft publicly disclosed the vulnerability, a Breach Forums user claimed to have access to a server containing 6.7TB of data stolen from TikTok, as well as the Chinese messaging app WeChat. While TikTok still appears to be conducting an investigation into the matter, the company has denied any claims that it was subject to a data breach.
An unknown actor with the username “AgainstTheWest” announced the supposed breach on Breach Forums, a hacking forum that functions as a successor to RaidForums, which US law enforcement seized back in February. In July, a Breach Forums user by the name of “ChinaDan” announced the theft of one billion records from the Shanghai National Police database. This marked the largest data breach in China’s history. However, only a couple of months later, AgainstTheWest claimed to have evidence of an even larger breach exposing TikTok and WeChat user data and source code. The user posted samples of allegedly stolen TikTok and WeChat data as proof of the breach’s authenticity.
The data samples puzzled cybersecurity analysts who found that the samples included information that was already publicly available mixed with empty tables and information that seemed obviously fake. These analyses called into question the claim that TikTok and WeChat were breached. Not long after cybersecurity analysts conducted these initial investigations, TikTok shared the results of its own initial investigation, telling BleepingComputer that the claim of a TikTok breach was false: “This is an incorrect claim — our security team investigated this statement and determined that the code in question is completely unrelated to TikTok's backend source code, which has never been merged with WeChat data.”
Restored Breach Forums post announcing the data breach
AgainstTheWest responded to TikTok’s statement by deleting the forum post announcing the breach. However, pompompurin, the owner of Breach Forums, banned AgainstTheWest and restored the forum post, saying that AgainstTheWest was either lying about the TikTok breach or didn’t investigate the allegedly stolen data before claiming to possess data obtained from a TikTok breach. While it seems that TikTok wasn’t directly breached, the actual source of the data is still unclear.
The data samples include user information that TikTok intentionally makes publicly available, but not in the form of an easily readable database. One possibility is that the data was scraped from TikTok’s public-facing website. However, TikTok told BleepingComputer that it has security safeguards in place to stop automated scripts from scraping its platform to collect user information. Another possibility is that the data was scraped or stolen from a third-party platform that integrates with TikTok.
A TikTok spokesperson made a statement to Forbes that lends credence to this theory: “Our security team has found no evidence of a security breach. We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases. The samples also appear to contain data from one or more third-party sources not affiliated with TikTok.” After digging through the data that appears to have come from third-party sources, cybersecurity analyst Bob Diachenko stated on Twitter that the “Data is likely to come from Hangzhou Julun Network Technology Co., Ltd rather than TikTok.” We’ll have to see whether further investigations confirm this conclusion.