TikTok is one of the most popular social networks today, outside the control of Meta. This social network is characterized by allowing its users to share small video fragments on the platform so that visitors can quickly move around it. An excellent option for those who are not convinced by classic social networks, such as Facebook or Instagram.
As with any other online service, security on our part is vital if we want to prevent our account from being stolen. For this reason, it is essential to use unique and secure passwords, in addition to other additional authentication systems that prevent them from taking control of our accounts. But this is not always up to us. And, due to a security flaw, a group of hackers has managed to break TikTok’s security, stealing source code from the social network, as well as user data.
AgainstTheWest: authors of the computer attack on TikTok
Last week, a group of hackers known as “AgainstTheWest” began hinting at possible data theft from two well-known platforms: TikTok and WeChat. The hackers have shared several databases belonging to both companies in a forum, although they have not yet started trading with them.
These databases occupy about 800 GB, and within them we can find data from more than 2,000 million users, among which we can highlight user data, platform statistics, source code, session cookies, access tokens and much more.
Those responsible for TikTok strongly deny that their servers have been compromised, and ensure that the information published on the Internet is false. However, different security researchers, such as Troy Hunt (created from the Have I Been Pwned platform) assure that, after analyzing the databases, there is some data that does correspond to a computer attack on both platforms.
This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info. Some data is junk, but it could be non-production or test data. It’s a bit of a mixed bag so far.
— Troy Hunt (@troyhunt) September 5, 2022
Other researchers also show that data theft is real, although the extent of it is not yet fully known. We would have to wait to see if it has really affected 2 billion users, or if it is just very sporadic data, and that does not pose a risk to the security or integrity of this social network.
UPDATE: while there is definitely a breach, it is still work in progress to confirm the origin of data, could be a third party. https://t.co/A3le5oWJgN
— Bob Diachenko 🇺🇦 (@MayhemDayOne) September 5, 2022
What to do now with the account
While TikTok denies it, the evidence of a computer attack is becoming clearer. Therefore, as always, the best thing we can do is change the TikTok password to make sure that, in case the data theft is real, no one can take control of our account. In case we reuse the password for other services, we will have to change it in those other services as well, for security.
If we had a WeChat account, although it is not such a common platform in these lands, we would also have to follow the same steps, having also been a victim of data theft.
It is also advisable to activate double authentication systems so that no one can access our online accounts. And control our account very well, especially now that, as the source code has been leaked, much more targeted attacks may appear.