Crypto

Data stolen from TikTok yellow: hacker group claims to have stolen 790 gigabytes, but the company denies

From early analyzes, it seems that TikTok is right: the database claimed by the cybercriminals must have been created by collecting data that was already publicly available.

Theft of 2.05 billion records and 790 gigabytes. This is the booty that the hacker collective AgainstTheWest allegedly stole from TikTok. The claim was filed on September 3 with a series of screenshots posted to a Twitter account that no longer exists. According to an interview published on DataBreaches.net, the group has been active since September 2021 and debuted with the Bank of China server hack. However, these days, they have reportedly infiltrated TikTok servers in China and also obtained data from the WeChat super app, messaging service, and micropayments. To prove their theft, the hackers also released a series of screenshots and diagrams.

Main blow. Especially since the Chinese platform ByteDance has long been the subject of security allegations. Its handling of personal data has been questioned, in particular by the White House, which in December 2019 banned the use of the application by the US military. However, the company denied everything: “Our security team did not find evidence of a hack. All distributed sample data is public and does not involve compromising TikTok systems, networks or databases. The samples also appear to contain data from one or more third-party sources not affiliated with TikTok.”

Where does published data come from?

The mystery revolves around the origin of the data. They are new? Are they really from TikTok? Sometimes, indeed, it can happen that archives of tens of gigabytes of personal data get sold on the darknet markets without violation. In most cases, these are databases compiled from old hits or public archives. There is always hope that someone will not check and decide to buy it all. Indeed, the AgainstTheWest criminals explained that among their plans was the sale of the entire data set: “We have to decide whether we want to sell it or make everything public. Voices come from all over the world. This data contains many miners.”

The early analysis was done by Troy Hunt, a cybersecurity researcher who runs Have I Been Pwned, a portal where you can log into your social accounts to see if you’ve been hacked. According to a series of tweets posted on his profile, it is currently difficult to trace the data published by AgainstTheWest to the theft from TikTok: “Some of the data corresponds to information already publicly available. Other trash. At the moment it still looks like a mixed situation.”

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker.