TikTok denies breach after hackers claim billions of user records stolen

TikTok denies breach after hackers claim billions of user records stolen

TikTok says that data samples are publicly accessible information and not a result of compromise of their systems, networks, or database.

Credit: Dreamstime

TikTok is denying claims that a hacking group has breached an Alibaba cloud database containing 2.05 billion records that include data on TikTok and WeChat users.

The hacking group, which goes by the name AgainstTheWest, on Friday posted screenshots—which they say were taken from the hacked database — on a hacking forum.

The Alibaba server that was breached contains 2.05 billion records in a 790GB database with user data, platform statistics, source code, cookies, auth tokens, server info, and other information, the hacking group said. The hackers also claimed they are yet to decide if they want to sell the data or release it to the public.

"This is an incorrect claim — our security team investigated this statement and determined that the code in question is completely unrelated to TikTok's backend source code, which has never been merged with WeChat data," a TikTok spokesperson told

The leaked user data could not result from a direct scraping of its platform, as there are  adequate security safeguards to prevent automated scripts from collecting user information, TikTok added.

The company also claims that the data samples are publicly accessible information and not a result of compromise of their systems, networks or database. Neither TikTok nor WeChat have responded to additional questions.

In discussions on the Hacker News forum, some forum participants suggested that the data looks like it came from a third party that integrates with TikTok for marketing or e-commerce purposes.

However, TikTok has dismissed those claims, stating that while the sample appears to contain data from one or more third-party sources, they are not affiliated with the company.

TikTok also added that they do not believe users need to take any proactive actions. The hackers' statements have generated a lot of interest and several security experts immediately got on the job to verify the claims.

Experts say evidence of hacking is inconclusive

“This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info. Some data is junk, but it could be non-production or test data. It's a bit of a mixed bag so far,” tweeted Troy Hunt, a regional director at Microsoft and the creator of the Have I Been Pwned website.

Another security expert, Bob Diachenko, tweeted saying there is no concrete conclusion about the origin of the data but validated that the leaked user data is real.

“While there is definitely a breach, it is still work in progress to confirm the origin of data, could be a third party,” the cyber security consultant tweeted.

Privacy concerns about TikTok grow

WeChat is a China-based instant messaging and social media platform developed by Tencent. On its part, TikTok is owned by China-based company ByteDance and many countries have expressed concerns that it is sending its user information back to China.

While TikTok has time and again denied these allegations, last month more than 80 leaked audio files from the video-sharing platform’s internal meetings revealed that China-based employees of ByteDance have repeatedly accessed non-public data about US TikTok users.

It was revealed that engineers in China had access to US data between September 2021 and January 2022. Similar allegations were also made in 2021 after a few former employees of the app had revealed that ByteDance had access to US user data. TikTok was launched globally in September 2017.

Last month, just before the latest allegations were made, TikTok announced that it has partnered with Oracle to host its US data on Oracle’s US-based servers.

Meanwhile last week, Australian Home Affairs Minister Clare O’Neil ordered her department to investigate the harvesting of data by TikTok amid growing concern that staff in China can access the personal information of Australians.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags TikTokcyber securitydata



Join key decision-makers within Environmental, Social, and Governance (ESG) that have the power to affect real change and drive sustainable practices. SustainTech will bridge the gap between ambition and tangible action, promoting strategies that attendees can use in their day-to-day operations within their business.

EDGE 2023

EDGE is the leading technology conference for business leaders in Australia and New Zealand, built on the foundations of collaboration, education and advancement.


ARN has celebrated gender diversity and recognised female excellence across the Australian tech channel since first launching WIICTA in 2012, acknowledging the achievements of a talented group of female front runners who have become influential figures across the local industry.

ARN Innovation Awards 2023

Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.

Show Comments