TikTok refutes allegations of a massive security breach

TikTok has denied being hit by a security breach after posts on hacking forums suggested the app's source code, including account details of potentially billions of users, was compromised.

A database with more than two billion entries concerning TikTok and WeChat accounts had been compromised and was in the possession of a hacking group, according to one forum post.

However, in a statement posted to Twitter, the company said it “found no evidence of a breach,” after investigating the claims. TikTok also stated that the alleged source code made public by the hackers “is completely unrelated to TikTok’s backend source code.”

"TikTok prioritizes the privacy and security of our users' data. Our security team investigated these claims and found no evidence of a security breach," the ByteDance-owned company told The Hacker News.

Backing TikTok’s rebuttal, security researcher Troy Hunt tweeted, “This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info. Some data is junk, but it could be non-production or test data. It's a bit of a mixed bag so far."

Even so, a threat intelligence researcher at Security Discovery, Bob Diachenko, claims that the breach is indeed "real" and allowed for a “partial users data leak”, after analyzing publicly exposed data. The data is likely to have originated from Hangzhou Julun Network Technology Co Ltd rather than TikTok, added Diachenko.

TikTok’s security incident comes days after Microsoft researchers discovered a “high-severity vulnerability” in TikTok’s Android app.

Last month, Oracle struck a deal with TikTok to obtain all facets of the social media firm's US user data, as well as perform data management and auditing services for the company.

TikTok entered into negotiations with Oracle almost two years after former president Donald Trump mandated that the company explore divestment options for national security reasons or risk being banned from doing business in the country.