A group of hacktivists claim to have stolen a database from the Chinese video platform TikTok. Everything suggests that it was a third-party partner of the company that was the victim of the hack, revealing above all statistics as well as marketing campaigns.
Pirates attack Chinese groups. The group of hacktivists AgainstTheWest published this September 3, 2022 a series of files on a famous hacker forumclaiming that it is information from databases of TikTok, as well as the Chinese messaging service WeChat. The hackers shared an extract of the stolen files, which Numerama had access to. It can be seen that this is mainly information on business partnerships, group statistics and marketing campaigns.
However, AgainstTheWest claims to have pulled out nearly 2 billion entries (or lines of information) and that this is only a first sample. The hackers would have recovered the source code of the application, thanks to a hacked password to access the Alibaba cloud that the two companies use.
In its announcement, the group indicates that it does not know whether it will sell the database or reveal it entirely. AgainstTheWest would set ethical limits to its revelations: hackers refuse to put all the files online, since this would endanger many underage users.
A third-party company, partner of TikTok
Can we completely trust this group of hackers? In the past, AgainstTheWest has published information from the video platform. Contrary to what their pseudonym – “Against the West” – suggests, these hackers tend to act against authoritarian or repressive regimes, like China or Russia.
Experts are still debating the authenticity of this leak. While some data does correspond to internal company information, others are public and accessible in open data, while a good part of the files lead nowhere. On the Hacker News forummembers suggest that the data does not come directly from TikTok, but from a third party responsible for marketing campaigns and commercial partnerships for the group.
Contacted by Numerama, TikTok informs us that the allegations of a flaw discovered over the weekend were incorrect. ” The privacy and security of user data is a priority for us. Our teams investigated these claims and found no evidence of a security breach. “said a spokesperson.
The sample data viewed by Numerama does not contain any confidential user information. However, if other information were to be published – if only the cookies from advertisements – we recommend that you change your password and install two-factor authentication.
Last July, Alibaba’s cloud servers had been hacked and the information of nearly a billion Chinese citizens was put up for sale on a hacker forum. China, more protected than Western countries from data leaks, is gradually becoming an interesting target for hackers.