Cyber Incident Victim: TikTok

Date: Sep 2022

Location: China

Summary

A hacking group claimed to have breached the platform and leaked alleged user data and source code, asserting access via an Alibaba cloud instance containing information from both the company and WeChat. The victim denied the breach, stating the leaked code was unrelated to its systems and that the data could not have been scraped directly due to existing safeguards; third-party analysts confirmed some data validity but found it publicly accessible, undermining claims of an internal compromise. The hacking forum later banned the group for unsubstantiated allegations, with its administrator asserting the data did not originate from the platform.

Description

On September 2, 2022, or shortly before, a hacking group named AgainstTheWest posted on the Breached hacking forum claiming to have breached TikTok and WeChat. The group shared screenshots of an alleged database hosted on an Alibaba cloud instance, asserting it contained combined user data from both platforms. They claimed access to TikTok’s backend source code and user information. TikTok immediately denied the breach, stating its security team investigated and found the leaked code unrelated to its systems. The company emphasized its backend source code had never been merged with data from WeChat, which is owned by Tencent, a separate entity from TikTok’s parent company, ByteDance. TikTok also disputed that the user data resulted from a direct breach, citing safeguards against automated scraping. Third-party cybersecurity experts, including HaveIBeenPwned creator Troy Hunt and researcher Bob Diachenko, analyzed the leaked data. Hunt confirmed that some of the data was valid but found nothing non-public, suggesting no internal compromise. Diachenko corroborated the data’s authenticity but could not trace its origin conclusively.

By September 5, 2022, AgainstTheWest’s forum thread was deleted, and the group was banned by Breached’s owner, pompompurin, for failing to substantiate their claims. The forum administrator restored the thread due to user requests but clarified the breach did not originate from TikTok, accusing the group of lying or inadequate investigation. TikTok maintained its position that the data was unrelated to its systems, though the incident raised questions about third-party data aggregation. The leaked dataset’s presence on an Alibaba server and its inclusion of both TikTok and WeChat information pointed to potential scraping by external actors or brokers compiling publicly accessible data. No evidence emerged of compromised TikTok infrastructure or unauthorized access to its private repositories. The company did not report user account compromises or operational disruptions resulting from the incident.
