
TikTok hack: Have billions of user records been exposed?

TikTok has denied claims that hackers have managed to steal more than two billion sensitive database records, including user data and platform source code.

Rumors of a breach originated with a post to an online hacking forum, in which a user called AgainstTheWest claimed to have exploited a TikTok server vulnerability to gain access to 790GB of data.

However, TikTok says it has found “no evidence of a security breach” and that the records have been scraped from public sources. Analysis of the leaked files by cybersecurity experts appears to corroborate this version of the story.

TikTok scrutiny

Owned and operated by Chinese company ByteDance, TikTok has been under the spotlight since it rose to prominence in western markets back in 2019. Today, the short-form video platform commands more attention per user than Facebook and Instagram combined, and the app has been downloaded more frequently than any other in each of the past five quarters.

In 2020, ex-US President Donald Trump moved to ban the platform, which he perceived as a threat to national security. Although the ban never came to pass, in an effort to allay privacy and security concerns, ByteDance agreed to move data related to US-based TikTok users to servers operated by Oracle.

The US software company is also in the process of auditing the platform’s recommendation algorithms, to ensure they are not being manipulated for political purposes by the Chinese Communist Party (CCP), which has traditionally exercised a significant level of control over corporations based in China.

Irrespective of these safety mechanisms, rumors of a large-scale data breach will heighten the focus once again on the platform’s data management practices.

But TikTok claims the data published online was not exposed as a result of a weakness in its security posture, nor does it relate to source code actively deployed in the platform’s backend.

“We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok Systems, networks, or databases,” said the firm, in a statement.

“We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community.”

Via The Independent, The Verge

Source: TechRadar
