Date: 2022-09-06

TikTok has denied claims by a hacker group that says it has stolen data on billions of users around the world, along with the social network's source code. It all started on Friday, when a group of hackers known as “AgainstTheWest” claimed on a hacker forum that they had breached both TikTok and the WeChat messaging app. The forum in question is Breached.to.

Specifically, the hackers say they have information on more than 2,000 million users and the source code of the Chinese social network. According to the group, it accessed an Alibaba cloud instance that contains data from TikTok and WeChat users.

The group even shared screenshots of an alleged database belonging to these companies, which it says holds 2.05 billion records in 790 GB and contains user data, platform statistics, software code, cookies, authenticity tokens, server information and much more.

This is your forewarning. #TikTok has reportedly suffered a #data #breach and if true there may be fallout from it in the coming days. We recommend you change your TikTok #password and enable Two-Factor Authentication, if you have not done so already. pic.twitter.com/SvifAp5B24 — BeeHive CyberSecurity (@BeeHiveCyberSec) September 4, 2022

For now, TikTok denies it, WeChat has not commented, and Microsoft has found a serious vulnerability in the video social network. Some believe that TikTok is lying to safeguard its image (we must remember the constant suspicions that it is a tool used by the Chinese government, which it has to please, to obtain information).


TikTok denies everything

A few hours ago, TikTok sources told BleepingComputer that the data posted on this hacking forum is “completely unrelated” to the company. According to the company, the source code shared on the hacking forum has nothing to do with the TikTok backend source code.

Regarding the data, the social network that competes the most with Meta says that the leaked user data cannot be the result of direct scraping of its platform. The platform says that it has adequate security programs to prevent automated scripts from collecting information from users, although much of the data could have been collected from users' public information.

Troy Hunt, the creator of the HaveIBeenPwned service, said on Twitter that some of the data is valid, but he couldn’t find anything that is not publicly available on TikTok.

This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info. Some data is junk, but it could be non-production or test data. It’s a bit of a mixed bag so far. — Troy Hunt (@troyhunt) September 5, 2022

WeChat has not commented on this. It should be remembered that although WeChat and TikTok are both Chinese, they are not owned by the same parent company. WeChat belongs to Tencent (a giant in the video game sector) and TikTok to ByteDance.

Who is AgainstTheWest





Although the name AgainstTheWest (“against the west”) may suggest hackers targeting Western countries, in reality the group says its targets are countries and companies hostile to Western interests.

At the moment, according to security experts, the group is focused on China and Russia and has plans to attack firms and entities in North Korea, Belarus and Iran. It was first heard of at the end of last year, 2021.

The vulnerability that Microsoft has seen

Microsoft, which wanted to buy TikTok when the government wanted to ban it in the United States, has meanwhile discovered a vulnerability in the Android app.

Microsoft said it had found a “high severity vulnerability” in TikTok’s Android app, “which would have allowed attackers to compromise user accounts with a single click.”

According to Redmond, this vulnerability has to do with an oversight in TikTok's deep linking functionality. On Android, developers can program their apps to handle certain URLs in specific ways.

For example, when you tap on a Twitter embed in Chrome and the Twitter app automatically opens on your phone as a result, that is deep linking at work.

In this case, Microsoft found a way to bypass the verification process that TikTok used to restrict deep links from executing certain actions.

They then discovered that they could use that vulnerability to access all of an account’s core features, including the ability to post content and send messages to other TikTok users. The flaw was present in both global versions of the TikTok Android app.