Was TikTok hacked? According to the company itself, the answer to that question is: definitely not. And security researchers who have looked into the matter seem to agree.
Why is TikTok fielding claims of a data breach? On Friday, a hacker group calling itself “AgainstTheWest” posted a thread to a well-known cybercrime forum claiming to have hacked both TikTok and the popular Chinese messaging app WeChat. Members of the group shared screenshots of an alleged 790 gigabyte database that they said they breached, which supposedly held data on both apps. The hackers asserted they had stolen an astounding amount of sensitive information from this database, including proprietary company code, platform user data and statistics, and security data like cookies and authorization tokens.
The claims took on a life of their own before they could be verified. On Twitter, panic seemed particularly acute: “The data of 2 billion TikTok users (i.e. all of them) has been stolen,” one person wrote, sharing screenshots of the supposed data (TikTok reported having a billion users in Sept. 2021). Another user tweeted: “TikTok’s entire database has been breached!”
But, according to TikTok, all of this is much ado about nothing. In a statement shared with Gizmodo on Tuesday, a spokesperson denied the claims:
“Our security team has found no evidence of a security breach. We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases. The samples also appear to contain data from one or more third party sources not affiliated with TikTok. We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community.”
Additionally, not long after the supposed “breach” was shared with the web, “AgainstTheWest” removed its boasting post. Later, the cybercrime forum banned the group for “lying about data breaches.”
Security researchers dug into the leaked data in an attempt to get to the bottom of whether it was real or not. Troy Hunt, creator of the data breach checker HaveIBeenPwned, suggested via Twitter on Monday that some of the data appeared valid, but that most of it could simply have been publicly scraped. Meanwhile, Bob Diachenko, another researcher, told Gizmodo that he had been parsing the data and found evidence that some of it was legitimate but could only speculate as to where it may have come from. Neither researcher saw anything that would definitively confirm the claim of a hack against TikTok.
Of course, just because “AgainstTheWest” might be full of it, that doesn’t mean that TikTok has great digital security. Just last week, researchers uncovered a pretty devastating vulnerability in the platform’s Android app that allowed for the hijacking of user accounts with a single-click exploit (basically Amazon Prime but for data theft). The flaw has since been patched, but it certainly doesn’t inspire confidence. At the same time, if you’re truly worried about data privacy and security, allow me to suggest that—for fairly obvious reasons—TikTok just isn’t the app for you.