Cyber Security News

Alleged TikTok Hack Could Expose Almost 7 Terabytes of User Data

Cyber criminals allegedly exploited an insecure server containing almost 7 terabytes of data.

An alleged hack of TikTok may have exposed the data of over 1 billion of its users.

Talk of the attack started spreading on the 3rd of September 2022. The cyber criminals reportedly exploited an insecure server containing personal information of TikTok users and shared leaked SQL data files on a popular hacking forum.

The alleged hackers, posting on the dark web under the username AgainstTheWest, claimed: "Who would have thought that TikTok would decide to store all their internal backend source code on one Alibaba Cloud instance using a trashy password?"

They claim to have access to almost 7 terabytes of data from TikTok and WeChat users. 

The attackers stated that they are still considering whether to sell the entirety of the stolen data, or release it to the public. This is a common practice amongst cyber criminals, as the leaked information from one attack can be exploited by the hacker community to conduct further cyber attacks for financial gain. 

One of the biggest concerns regarding this attack is that it could potentially affect users worldwide, a significant proportion of whom are minors. 

Some have claimed that leaked data could include breached email addresses, passwords, OAuth tokens, payment card information and more.

This breach was reported to be linked to a vulnerability found by the Microsoft 365 Defender Research Team, which allegedly allowed accounts to be hacked with a single click. The vulnerability allowed the app’s deeplink verification to be bypassed. Attackers could force the app to load an arbitrary URL into the app’s WebView, and that URL could then access the WebView’s attached JavaScript bridges, granting their functionality to attackers.

It is highly probable that this attack only involved individual users rather than the underlying database. The vulnerability discovered by Microsoft only affected the TikTok server, which was not breached in this instance. Furthermore, the vulnerability was patched at the end of August.

TikTok is currently denying that the attack took place at all. Some suggest that the data is not actually from TikTok, but rather from Hangzhou Julun Network Technology Co., Ltd. 

Whether the attack is real or not is still under question, and we will be publishing further updates as the situation evolves.
