Popular short-form social video service TikTok has denied reports that it has been breached and its source code and user data have been stolen.
Last week, a hacker group called “Against the West” (primarily targets countries it believes to be a threat to western society, like China and Russia) announced on a hacker forum that they compromised Chinese-owned TikTok (ByteDance) and WeChat (Tencent) and posted screenshots of an alleged database stolen from the companies as proof. The threat actors claim they were able to access an Alibaba cloud instance that holds a 790GB database containing user data, platform statistics, software code, cookies, auth tokens, server information, etc.
On its part, TikTok has refuted the claims of the hack and said that the investigation into the alleged breach determined that source code shared on the hacker forum is not related to its platform.
“This is an incorrect claim — our security team investigated this statement and determined that the code in question is completely unrelated to TikTok's backend source code, which has never been merged with WeChat data,” the company said in a statement.
TikTok told BleepingComputer that the leaked user data could not result from a direct scraping of its platform because it has security measures in place to prevent automated scripts from gathering user information.
The creator of the HaveIBeenPwned data breach search website Troy Hunt said in series of tweets that some of the leaked info was valid, but “it is all publicly accessible data.” Another security researcher, Bob Diachenko, has confirmed that there has been a breach, but said that the origin of the data is not clear at this point.