The world's most popular social media platform may have been hacked over the weekend, exposing two billion user records, along with platform statistics and source code.
However, spokespeople for TikTok have categorically denied that the platform was breached at all, noting that all the information posted on hacker forums is publicly available.
Still, given the hegemonic rivalry between the US and TikTok's home base of China, experts are hesitant to say whether or not data was stolen from the social media platform, so the question remains: Was TikTok hacked?
The TikTok Security “Breach”
On Friday, a hacking group that goes by the name “AgainstTheWest” posted on a hacking forum that they had infiltrated TikTok. In an effort to prove this fact, the group also posted screenshots of a TikTok database containing source code and user data, along with a somewhat antagonistic tweet from a now-suspended account:
“Who would have thought that TikTok would decide to store all their internal backend source code on one Alibaba Cloud instance using a trashy password?”
The alleged hack was originally discovered by Bleeping Computer, who relayed that the hackers had reportedly stolen two billion user records and 790GB worth of user data, along with “platform statistics, software code, cookies, auth tokens, and server info.”
However, the plot thickened when TikTok responded to the claims with an outright denial that this kind of breach was even possible.
TikTok Denies Security Breach Reports
As the most popular social media platform in the world, TikTok was understandably quick to respond to the breach, denying that it took any information that wasn't already publicly available.
“We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases,” said Maureen Shanahan, TikTok spokesperson, in a statement to The Verge. “We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community.”
Furthermore, TikTok told Bleeping Computer that taking screenshots of its data is impossible given the security measures they have in place, and that the source code in question was not from TikTok at all.
Subsequently, it looks like TikTok may not have been breached, at least according to the company. But what did the experts have to say?
So Was TikTok Actually Hacked?
The jury is still out on whether or not TikTok was actually hacked. The company obviously denies the claims, but it certainly wouldn't be the first time a company tried to cover up a significant data breach.
Moreover, experts have looked into the claims by Tiktok and the hackers and concluded that the evidence is “pretty inconclusive.”
This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info. Some data is junk, but it could be non-production or test data. It's a bit of a mixed bag so far.
— Troy Hunt (@troyhunt) September 5, 2022
So, if you're a TikTok user, which a vast majority of smartphone owners are, what should you do about your account? If you're going to listen to TikTok, you don't have to do anything. According to the social media powerhouse, the breach compromised no user data, so your information is as safe as it was before the weekend.
If, however, you want to be a bit more proactive about your online security, regardless of whether or not TikTok was hacked, your best bet is to get a password manager. These tools can alert you when your passwords have been compromised, so you can avoid any future breaches. Additionally, antivirus software can be a huge help, alerting you when your device might be housing malicious software.