The hacker, BlueHornet, has taunted social media giant, TikTok, claiming responsibility for 2 billion data breach records and sensitive backend source code. This article summarizes the events of the TikTok breach, shares the discovery and denial of the data breach, and how you can protect yourself.
Cybersecurity has become the chief concern for individuals and organizations worldwide, a fact that the latest TikTok US Data Breach has reinforced. Chinese entertainment and social media platform TikTok is making headlines worldwide. The media stir results from a massive data breach in the organization, putting 2 billion customer records at risk.
With controversial statements being made by cybersecurity firms and TikTok denying the data breach, here is all you need to know about the 2 billion data record breach at TikTok US.
Who is behind the TikTok US Data Breach?
On September 3, a hacker that goes by “AgainstTheWest” and “BlueHornet,” using the Twitter handle @AggressiveCurl, claimed on breach forums that he had successfully stolen data from TikTok and WeChat, a Chinese instant messaging application. AgainstTheWest boasted of stealing 790 GBs (Gigabytes) of data and 2.05 billion records from both organizations, sharing screenshots of database tables. Here is BlueHornet’s tweet:
(BlueHornet | AgainstTheWest hacker tweets about breaching TikTok, Source: Manilla Bulletin)
As you can see, the hacker taunts TikTok for a trashy password and claims to have stolen internal backend source code under a single Alibaba Group’s cloud instance.
BeeHive’s Discovery of the TikTok Data Breach
BeeHive CyberSecurity was the first to discover the potential breach at TikTok on September 4 2022. BeeHive issued a warning to Twitter users along with photos, sharing the schema, i.e., the layout of the database and all the tables used to store various information by the platform. BeeHive further recommended that all TikTok users change their passwords and enable 2FA (Two Factor Authentication) to protect themselves from the unconfirmed threat.
Within one and a half hours, BeeHive CyberSecurity tweeted again, confirming the TikTok breach. The cybersecurity firm had reviewed a sample of the extracted data and found the TikTok data breach to be authentic, sending warning communications to its clients and Twitter. A sample image from BeeHive’s tweet is provided below:
(Database Records from the TikTok Data Breach, Source: Beehivecybersec)
The screenshot shared above clearly shows the details about TikTok’s database and the platform’s multiple tables for storing various information.
TikTok Denies 2 Billion Record Data Breach
TikTok has denied any such data breach took place. However, the video-sharing social media platform confirmed some data’s presence, claiming it to be the result of direct scraping but not a data breach.
TikTok said, “This is an incorrect claim — our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code, which has never been merged with WeChat data.”
Bleeping Computer has suggested that the leaked data could result from third-party scrapers or brokers utilizing publicly available data and has requested additional comment from TikTok, which is still awaited. Many independent cybersecurity researchers and analysts have various takes on the TikTok data breach.
What did Cybersecurity Researchers Find About the TikTok Breach?
- Troy Hunt
Troy Hunt, a cybersecurity expert and owner of “Have I Been Pwned?” a website that allows you to check if your data is compromised due to a data breach, also analyzed the hacker’s claims and available data. Here is what he shared on his Twitter thread:
- Troy started with the hacker’s post on a popular hacking forum that was making claims about the 2.05 billion records breached at TikTok.
- He also shared a video of the database tables from another database of 34 GB stored in the Oracle server he checked, labeled “cabinet cloud.”
- Troy Hunt then released another 237 MB (Megabyte) cluster of files of the breach via his GitHub, another sample he was analyzing.
After carefully examining the content and samples, Troy Hunt concluded that the data contained largely Vietnamese LGBT content along with IDs and verified that the data was legitimate after cross-examination using publicly accessible videos of these IDs. To confirm this further, he selected random entries and proved that the data was authentic.
However, Troy summarized that the data is all publicly accessible and could result from construction. His research into checking other records for non-public data verification was inconclusive, but he did end up with a few fake entries in the data records.
Troy has concluded that the data available is inconclusive as the data matching is publicly accessible, and the other chunks incorporate junk, test data, or non-production data. You can look at his findings and his investigation into the WeChat leaked records on his Twitter thread.
- Bob Diachenko
Bob Diachenko, a researcher for threat intelligence at Security Discovery, also analyzed the TikTok data breach samples. Bob and his team analyzed all publicly exposed records and confirmed that the TikTok data breach was real. He summarized on his Twitter that partial user data has indeed been leaked, but the data came from Hangzhou Julun Network. Here is a snapshot he shared to confirm the data’s origin.
(Bob Diachenko reveals TikTok breach data came from Hangzhou Julun Network Technology Co. Ltd., Source: Twitter)
- Jake Moore
ESET’s global cybersecurity advisor, Jake Moore, also shared his take by concluding that all data could purely be public data that cybercriminals scraped from the site. However, the fact that one of the biggest social media platforms, TikTok, is being targeted shows that cybercriminals are looking for any vulnerability on TikTok.
Jake added that regardless of the TikTok data breach records being caused due to account vulnerabilities or available as open information by TikTok; individuals should promptly take security actions.
How to Protect your TikTok Account from the Data Breach?
Since TikTok’s data breach has shown that public account data and details have been leaked, you should do the following to secure your TikTok account.
- Change your Password: Update your password and choose a unique and strong one with a mixture of numbers, letters, and special characters.
- Implement 2FA: Enable 2FA for additional security of your TikTok account.
Final Words
There have been major cybersecurity incidents every month in 2022. The TikTok data breach is an excellent example of cybercriminals continuously targeting social media websites to steal valuable information. TikTok has denied claims that the data breach is real, and there is no solid proof that the 2 billion records leaked result from a data breach or public data scraping.
However, one thing you can be sure of is that if the hacker, BlueHornet | AgainstTheWest, posted about the information of the TikTok breach, chances are that he is working around the clock to look for any vulnerabilities to breach the platform if he has not already. Until the entire truth is revealed, you should take the necessary steps and strengthen your TikTok account with the above mentioned measures.