IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

TikTok reportedly suffers data breach

However, one researcher inspected some of the files and found it included publicly accessible data which could have been put together without a breach

TikTok has reportedly suffered a data breach which includes 790GB of user information, although the claims have been found to be inconclusive.

The video platform’s users have been recommended to change their password and enable two-factor authentication by BeeHive CyberSecurity, the researchers who discovered the leak.

Researchers have shared screenshots of the files on Twitter, which include “record_paypal_order” or “tiktok_author_stats”. One researcher, AgainstTheWest, found that the company stored all its internal backend source code on one Alibaba Cloud instance using a weak password.

The researcher also claimed to have discovered 790GB of user information tables from the database, with current user entries at 2.05 billion, they revealed on a database forum. 

“Considering the entries are from all over the world, it is unlikely we will sell or release this,” posted AgainstTheWest. “Lastly, this data contains a lot of under-aged people. Releasing such information, along with the data that is being stored without the user's knowledge is so dire that we think it could spark something dangerous.”

However, web security consultant Troy Hunt inspected some of the files and found that it was all publicly accessible data so could have been constructed without a data breach

“This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info,” Hunt wrote on Twitter. “Some data is junk, but it could be non-production or test data. It's a bit of a mixed bag so far.”

“TikTok prioritizes the privacy and security of our users’ data," a TikTok spokesperson told IT Pro. "Our security team investigated these claims and found no evidence of a security breach."

This comes after the head of the FCC called on Apple and Google to remove the platform from their app stores over its pattern of surreptitious data practices in June 2022. Commissioner Brendan Carr said that TikTok is available to millions of US citizens and it collects vast troves of sensitive data about them. He underlined that its own by ByteDance, which is “beholden” to the Communist Party of China and required to comply with the government’s surveillance demands.

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Recommended

Why Japan finds it so hard to digitally transform
digital transformation

Why Japan finds it so hard to digitally transform

1 Dec 2022
MSG giant Ajinomoto's chipmaking foray helps break financial records
Business strategy

MSG giant Ajinomoto's chipmaking foray helps break financial records

30 Nov 2022
India to trial digital rupee from December 2022
digital currency

India to trial digital rupee from December 2022

30 Nov 2022
Japan considers creating new cyber defence agency as attacks ramp up in region
cyber attacks

Japan considers creating new cyber defence agency as attacks ramp up in region

24 Nov 2022

Most Popular

Empowering employees to truly work anywhere
Sponsored

Empowering employees to truly work anywhere

22 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
Why Japan finds it so hard to digitally transform
digital transformation

Why Japan finds it so hard to digitally transform

1 Dec 2022