TikTok has denied a security breach after posts on hacking forums claimed to have compromised the app’s source code, as well as account details of potentially billions of people. In a statement posted to Twitter, the company said it “found no evidence of a breach,” following an investigation of the claims. The company also told Bloomberg UK that the alleged source code posted by the hackers “is completely unrelated to TikTok’s backend source code.”
Claims of a potential breach had been circulating among the security community after a post on a hacking forum claimed to be in possession of a database with more than two billion entries related to TikTok and WeChat accounts. The hacking group claimed to have obtained the TikTok records from an insecure cloud server.
The supposed hackers published a sample of the TikTok data but, as security researcher Troy Hunt pointed out, it contained data that was already publicly accessible and thus “could have been constructed without breach.” Hunt, who runs the “haveibeenpwned” service, said the data was overall “pretty inconclusive.”
TikTok prioritizes the privacy and security of our users’ data. Our security team investigated these claims and found no evidence of a security breach. https://t.co/TdCZDUFLPN
— TikTokComms (@TikTokComms) September 5, 2022
While TikTok has strongly denied a breach, the info in the database could have come from other means. As Bleeping Computer notes, it could be the result of a data broker or some other third-party that scraped publicly-available data from the service.
Claims of a security breach come just days after Microsoft researchers disclosed that they had found a “high-severity vulnerability” in TikTok’s Android app that put millions of accounts at risk. Microsoft said the vulnerability was fixed less than a month after it alerted TikTok to the issue in February of 2022. TikTok has long faced questions about its security practices and what user data is shared with parent company ByteDance. The company said last month that Oracle would review its algorithms and content moderation systems in an effort to assuage concerns.