Sep 6, 2022 - Technology

TikTok data may have leaked, researchers say

Illustration: Aïda Amer/Axios

Researchers at BeeHive CyberSecurity tell Axios they're investigating claims of a possible breach involving TikTok user data.

The big picture: The scope, size and validity of the reported data breach are unclear, but screenshots of the leaked data files shared via Twitter on Sunday include PayPal information, marketing data and user statistics.

What they're saying: A TikTok spokesperson told Axios on Monday that the company's security team didn't find any evidence of a breach at the company after investigating the claims.

  • "We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks or databases," the spokesperson said in a statement. "The samples also appear to contain data from one or more third-party sources not affiliated with TikTok."

Details: BeeHive CyberSecurity, a group that scans and researches security flaws in products, told Axios in an email Monday that it had received a report over the weekend from hacker group AgainstTheWest claiming it had gained access to a temporary storage location containing TikTok and WeChat data.

  • To confirm access, the group sent BeeHive a sample of the logs it had access to, but it doesn't appear the group shared details about how it found this data.
  • BeeHive described the group as "reputable" and claimed the data sample it shared would be difficult to fabricate.
  • AgainstTheWest is "still exporting data, so we'll be able to confirm the scope of this breach as soon as the influx of new data ceases," BeeHive said.

Why it matters: As researchers investigate the claims — which have since gone viral on social media — the discussion of possible user data exposure could add to Washington's concerns about the privacy and security practices at the Chinese-owned social media company.

  • Last week, Microsoft researchers shared details about a since-patched vulnerability in TikTok's Android app.
  • The Biden administration is expected to issue an executive order as early as this month that could limit how much data Chinese companies, including TikTok, can collect about U.S. citizens, Semafor reported.

The intrigue: AgainstTheWest's discovery of the storage location is still fresh, meaning the scale, scope and validity of the information it contains remain unclear.