Cyber Incident Victim: WeChat

Date: Sep 2022

Location: China

Summary

A hacking group claimed to have compromised WeChat and TikTok, leaking alleged user data and source code from an Alibaba cloud instance containing information from both platforms. The targeted company denied the breach, asserting the leaked material was unrelated to its systems and that safeguards prevent such data scraping. Security researchers validated some user data as authentic but found no evidence of non-public information, suggesting potential third-party aggregation of publicly available data. The forum hosting the leaks later banned the group for unsubstantiated claims, with the forum owner stating the breach did not originate from the victim's infrastructure.

Description

On September 2, 2022, a hacking group named 'AgainstTheWest' posted claims on a hacking forum alleging a breach of TikTok and WeChat. The group shared screenshots purportedly showing a database containing user data from both platforms, accessed via an Alibaba cloud instance. They asserted the data was obtained on September 3, 2022. TikTok immediately denied the breach, stating its security team investigated and found the leaked source code "completely unrelated" to its backend systems. The company further disputed that the user data resulted from direct scraping of its platform, citing automated script protections. WeChat, owned by Tencent, did not publicly respond to requests for comment. Security researchers Troy Hunt and Bob Diachenko analyzed samples of the leaked data, confirming some information as valid but noting it appeared limited to publicly accessible TikTok profiles. No evidence suggested unauthorized access to internal systems at either company.

The forum post was initially deleted by AgainstTheWest but later restored by Breached forum administrators. On September 6, 2022, the forum banned the group for failing to substantiate their claims. The forum owner, pompompurin, stated the breach allegations were unverified and likely false, emphasizing the data did not originate from TikTok. Analysis indicated the combined TikTok-WeChat dataset likely belonged to a third-party aggregator, given the platforms' separate ownership (ByteDance and Tencent) and lack of operational data merging. While the incident raised concerns about data exposure, no concrete evidence emerged linking the leak to direct compromises of WeChat or TikTok infrastructure. The companies maintained their systems were secure, with TikTok reiterating its safeguards against scraping. Researchers concluded the data might have been compiled from publicly available sources or prior third-party breaches rather than fresh intrusions.
