Should we worry about information leakage on TikTok?

A group of hacking activists claim to have stolen a database from the Chinese video platform TikTok. Everything indicates that he was an outside partner of the company that was the victim of the hack – not the social network – and revealed above all the statistics as well as the marketing campaigns.

Hackers attack Chinese groups. Anti-Hacking Group Against the West published a series of files on a popular hacker forum on September 3, 2022, claiming to be information from the databases of TikTok, as well as the Chinese messaging service WeChat. The hackers shared an excerpt of the stolen files, which Nomirama had access to. It can be seen that this information mainly pertains to business partnerships, group statistics and marketing campaigns. There is no evidence that Tiktok is actually the victim.

However, AgainstTheWest claims to have pulled nearly two billion entries (or lines of information) and that this is only a first sample. The hackers were able to recover the app’s source code, thanks to a compromised password to access the Alibaba cloud that the two companies use.

The group says in its announcement that it does not know whether it will sell the database or fully disclose it. AgainstTheWest will set moral limits on what it discloses: hackers refuse to put all files online, as this would put many underage users at risk.

The ad posted by the group AgainstTheWest. // Source: Nomirama

Third party company, TikTok partner

Can we fully trust this group of hackers? In the past, AgainstTheWest has published information from the video platform. Contrary to what the nickname implies – “against the West” – these hackers tend to work against authoritarian or repressive regimes, such as China or Russia.

Experts agree that it is not directly related to the video platform. If some data looks like internal company information, others are public and accessible in open data, while a large portion of files lead nowhere. On the Hacker News forum, members suggest that the data does not come directly from TikTok, but from a third party responsible for the group’s marketing campaigns and business partnerships.

After contacting Numerama, TikTok told us that allegations of a flaw discovered over the weekend were incorrect. ” The privacy and security of user data is a priority for us. Our teams investigated these allegations and found no evidence of a security breach. The spokesperson said.

The sample data seen by Numirama does not contain any confidential user information. However, if you post other information – if the cookies are only ads – we recommend that you change your password and install double authentication.

Last July, Alibaba’s cloud servers were hacked and the information of nearly one billion Chinese citizens was put up for sale on a hacker forum. China, which is more protected than Western countries from data leakage, is gradually becoming an interesting target for hackers.

For more

Source: Alexander Gray / Unsplash

Leave a Comment