Cyber Incident Victim: ByteDance

Date: Sep 2022

Location: China

Summary

A hacking group claimed to have compromised TikTok and WeChat, alleging access to a shared database containing user data and source code via an Alibaba cloud instance. The company denied the breach, asserting that the leaked code was unrelated to its backend systems and that the user data could not have originated from direct scraping of its platform due to existing security measures. Independent analysts verified portions of the leaked user data as authentic but found no evidence of non-public information, suggesting potential aggregation from publicly available sources. The hacking forum later banned the group for unsubstantiated claims, with the forum owner stating the breach did not originate from TikTok.

Description

On September 3, 2022, a hacking group named AgainstTheWest posted claims on a hacking forum alleging a breach of TikTok and WeChat. The group shared screenshots of an Alibaba cloud instance database purportedly containing combined user data from both platforms, asserting access to 2.05 billion records. TikTok, owned by ByteDance, immediately denied the breach, stating its security team investigated and found the leaked source code "completely unrelated" to its backend systems. The company emphasized its infrastructure had never merged with data from WeChat, which is operated by Tencent—a separate entity from ByteDance. TikTok further disputed that the user data resulted from direct scraping, citing automated script protections. WeChat did not publicly respond to inquiries. Third-party analysts Troy Hunt and Bob Diachenko examined the leaked data, confirming partial validity but noting all information appeared publicly accessible on TikTok profiles, undermining claims of an internal breach.

The Breached hacking forum banned AgainstTheWest on September 6, 2022, after restoring their deleted thread. Forum owner pompompurin stated the ban resulted from the group’s failure to verify their claims, clarifying the data did not originate from TikTok and criticizing "outrageous" unsubstantiated allegations. Despite the ban, samples of user data remained accessible, though their origin remained unconfirmed. TikTok maintained its denial throughout the incident, reiterating no evidence of compromised systems. The incident highlighted potential risks from third-party data aggregation, as the combined TikTok-WeChat dataset suggested compilation by external scrapers or brokers rather than direct platform breaches. No concrete evidence emerged linking the leak to ByteDance’s infrastructure, but the exposure of valid user data—albeit publicly available—raised concerns about unauthorized data consolidation and reuse.
