TikTok has responded to claims of a huge data breach, with hackers claiming they have exploited an insecure server that contains personal information of the platform’s users.
In early September, hackers on a Breach Forum messageboard claimed to have accessed around 34GB of data by exploiting an insecure server containing the personal information of potentially over a billion TikTok users.
“We have to decide if we want to sell it or release it to the public,” one user wrote. “About 1.37 billion entries have been pulled.” They claimed that the entries are from “all over the world” and that the data, “contains a lot of underaged people.”
However, speaking to The Independent, a TikTok spokesperson reportedly denied that any breach had occurred, and also claimed that the high-severity vulnerability identified by Microsoft, which was reported in a blog post on August 31, “is completely unrelated” to TikTok’s backend source code.
“TikTok prioritizes the privacy and security of our users’ data,” the spokesperson said. “Our security team investigated these claims and found no evidence of a security breach.”
Troy Hunt, security researcher and creator of Have I Been Pwned, analyzed a sample of the files listed on the forum, sharing his findings with Twitter. In one post he wrote: “This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info. Some data is junk, but it could be non-production or test data. It’s a bit of a mixed bag so far.”
Although it is not clear whether users are at risk as a result of this alleged breach, users are encouraged to change their password regularly and use two-factor authentication in order to keep their accounts safe.
TikTok continues to be one of the most popular social media platforms, with new users joining at a rapid rate.