TikTok has reportedly suffered a data breach which includes 790GB of user information, although the claims have been found to be inconclusive.
The video platform’s users have been recommended to change their password and enable two-factor authentication by BeeHive CyberSecurity, the researchers who discovered the leak.
Researchers have shared screenshots of the files on Twitter, which include “record_paypal_order” or “tiktok_author_stats”. One researcher, AgainstTheWest, found that the company stored all its internal backend source code on one Alibaba Cloud instance using a weak password.
The researcher also claimed to have discovered 790GB of user information tables from the database, with current user entries at 2.05 billion, they revealed on a database forum.
“Considering the entries are from all over the world, it is unlikely we will sell or release this,” posted AgainstTheWest. “Lastly, this data contains a lot of under-aged people. Releasing such information, along with the data that is being stored without the user's knowledge is so dire that we think it could spark something dangerous.”
However, web security consultant Troy Hunt inspected some of the files and found that it was all publicly accessible data so could have been constructed without a data breach
“This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info,” Hunt wrote on Twitter. “Some data is junk, but it could be non-production or test data. It's a bit of a mixed bag so far.”
“TikTok prioritizes the privacy and security of our users’ data," a TikTok spokesperson told IT Pro. "Our security team investigated these claims and found no evidence of a security breach."
This comes after the head of the FCC called on Apple and Google to remove the platform from their app stores over its pattern of surreptitious data practices in June 2022. Commissioner Brendan Carr said that TikTok is available to millions of US citizens and it collects vast troves of sensitive data about them. He underlined that its own by ByteDance, which is “beholden” to the Communist Party of China and required to comply with the government’s surveillance demands.
-
Latitude Financial's data policies questioned after more than 14 million records stolenNews Some of the data is from at least 2005 and includes customers’ name, address, and date of birth
-
Latitude hack now under state investigation as customers struggle to protect their accountsNews The cyber attack has affected around 330,000 customers, although the company has said this is likely to increase
-
IDCARE: Meet the cyber security charity shaping Australia and New Zealand's data breach responseCase Studies IDCARE is recruiting a reserve army to turbocharge the fightback against cyber crime not just in the region, but in the interests of victims all over the world
-
Australia commits to establishing second national cyber security agencyNews The country is still aiming to be the most cyber-secure country in the world by 2030
-
Medibank bleeds $26 million in cyber costs following hackNews The company believes this figure could rise to $45 million for the 2023 financial year
-
TikTok's two new European data centres to address data protection concernsNews The company is under pressure to prove its user data isn’t being accessed by the Chinese state
-
Cyber attack on Australia’s TPG Telecom affects 15,000 customersNews It is the third cyber attack on a major Australian telco since October
-
Telstra blames IT blunder for leak of 130,000 customer recordsNews Australia’s biggest telco said that the error was due to a mismanagement of databases and not a cyber attack
