Cyber Incident Victim: Tencent
Date: Sep 2022
Location: China
Summary
A hacking group claimed to have compromised WeChat and TikTok, alleging access to a shared database containing user data and source code via an Alibaba cloud instance. The targeted company denied the breach, asserting the leaked data was unrelated to its systems and that its security measures prevent such automated scraping. Independent analysts verified some user data as authentic but found no evidence of non-public information, suggesting potential third-party aggregation of publicly available data from both platforms. The forum hosting the leak later banned the threat actors for unsubstantiated claims, with its administrator stating the data did not originate from the company's infrastructure.
Description
On September 2, 2022, the hacking group AgainstTheWest posted claims on a hacking forum alleging a breach of TikTok and WeChat, both prominent Chinese-owned platforms. The group shared screenshots purporting to show a compromised database containing user data from both services, accessed via an Alibaba cloud instance. AgainstTheWest asserted the database held information on TikTok and WeChat users, though the two platforms operate under separate parent companies—ByteDance (TikTok) and Tencent (WeChat)—with no shared ownership structure. TikTok immediately denied the breach, stating its security team investigated and found the leaked source code "completely unrelated" to its backend systems. The company further asserted that the user data could not have originated from a direct breach or scraping of its platform due to existing safeguards against automated data collection. WeChat’s parent company, Tencent, did not publicly respond to requests for comment from BleepingComputer. The presence of both platforms’ data in a single database suggested the information was aggregated from external sources rather than obtained through direct infiltration of either company’s systems, with analysts speculating it likely originated from third-party scraping or data brokerage activities.

Third-party cybersecurity experts analyzed the leaked samples to assess their validity. Troy Hunt, creator of HaveIBeenPwned, confirmed portions of the user data were authentic but found no evidence it extended beyond publicly accessible information on TikTok profiles, undermining claims of a systemic breach. Independent researcher Bob Diachenko also validated the data’s legitimacy but could not definitively trace its origin. On September 6, 2022, the Breached forum administrator banned AgainstTheWest’s account, citing insufficient verification of their claims. Forum owner pompompurin restored the initial thread temporarily but publicly stated the breach "is not from TikTok" and accused the group of making "outrageous claims" without proper investigation. TikTok maintained its position that no breach occurred, emphasizing the absence of data merger with WeChat in its systems. The incident highlighted ongoing challenges in attributing leaked data to specific breaches versus third-party aggregation, with Tencent’s lack of public response leaving WeChat’s exposure unconfirmed despite the forum’s retraction of the hacking group’s allegations.
