On September 3, 2022, a hacker operating under the name of AgainstTheWest claimed on a hacking forum that TikTok and WeChat had been breached and a database had been stolen from an Alibaba cloud repository that contained the personal information of users of the platforms. TikTok and WeChat are both Chinese companies; however, the companies are not owned by the same parent company, which suggests that the hacking claim may not be accurate.
The hacker claims the 790 GB database contains 2.05 billion user records along with statistics, authentication tokens, server information, software source code, and more. Screenshots and other images were published in support of the claim, along with links to samples of the data. The poster claims to have extracted 2 billion records from the database.
A similar claim was made by BlueHornet|AgainstTheWest on Twitter, who claims to have stolen TikTok’s backend source code. AgainstTheWest is the name of a hacking group that conducts attacks on organizations that the group perceives to be a threat to Western countries, and much of its focus is on China and Russia. The group said in posts that the decision has yet to be taken on whether the stolen data will be released to the public or sold.
TikTok has responded to the claims, saying the source code allegedly stolen is not in any way related to the source code of the platform, that it has found no evidence of a security breach, and that the hackers’ claims are false. TikTok also said the data of TikTok and WeChat has never been merged into a database. An alternative to a breach of internal systems is that user data may have been scraped from the public profiles of platform users. TikTok said the data could not have been obtained from scraping public profiles, as security measures are in place to prevent automated attempts to scrape user data. That does not mean the database does not contain TikTok user information, only that, if the data is valid, it may have been stolen from a third party such as a data broker, and that the data of TikTok and WeChat users may have been added to a single database for marketing or e-commerce properties.
Attempts have been made to verify the data, with Troy Hunt of HaveIBeenPwned confirming that at least some of the data that has been released so far is valid. While there have been some matches with TikTok production information, the information that has been verified is publicly available, so it has not been possible to determine whether the hacker’s claims are valid and whether there has been a TikTok data breach. Other security researchers have also been investigating the claims but have not been able to establish the origin of the data, although some of the data has been validated.
Until more is known, users of TikTok and WeChat should consider changing their account passwords and ensuring multifactor authentication is set up on their accounts as a precaution.