TikTok’s popularity exceeds that of other social media apps, but sadly its security has always been a concern. Recently, an independent security research group, AgainstTheWest, confirmed a data breach of TikTok. They could download all the user information tables, which amounted to a whopping 2.06 billion entries.
This is a prime example of how poorly TikTok secured the data of its users. According to one tweet, all the leaked data was stored on a single Alibaba server with a weak password. Simple passwords are easy to crack with a brute-force attack, which may have been the case in this TikTok data breach.
TikTok Data Breach: More Details
Beehive Cybersecurity confirmed that the available data indeed belonged to TikTok users. They tweeted a warning that all users must immediately change their passwords and enable two-factor authentication if they have not done so already. They analyzed a small portion of the data to verify the claims made by the AgainstTheWest group.
BlueHornet|AgainstTheWest posted all the details on breached forums. They were able to download all the user data. Previously, the group mentioned on the forums that they were unsure what to do with the data. Their first thought was to sell it, but when the record count piled up to over 2 billion, they decided not to sell it. They also mentioned that the downloaded entries contained user details of underage kids.
AgainstTheWest continued posting images showing how easily they could download the data. It is bewildering that ByteDance, a billion-dollar company, has such inferior security mechanisms in place. It also shows how poorly secured your personal data is when you sign up to access these apps.
Even after multiple tagging efforts, TikTok did not respond to any of these security researchers' claims. It is common practice for companies to deny data breaches early on and only slowly acknowledge that the event occurred. If you have an account on TikTok, do as Beehive Cybersecurity advises: replace your existing password with a strong one and use two-factor authentication.