Chinese video app TikTok was allegedly hacked and up to 2 billion user data records were stolen, said cyber security researchers. Analysts think that it was "a breach of an insecure server that allowed access to TikTok storage that contained personal user data."
BeeHive CyberSecurity on Monday tweeted: "This is your forewarning. TikTok has reportedly suffered a data breach and if true, there may be fallout from it in the coming days. We recommend you change your password and enable two-factor authentication." They added that a sample of the extracted data has been reviewed.
Troy Hunt of data breach information site haveibeenpwned tweeted that the process to verify if the sample data is genuine or not drawn inconclusive evidence. BlueHornet|AgaisntTheWest responded to the news by saying: "Who would have thought that TikTok would decide to store all their internal backend source code on one Alibaba Cloud instance using a trashy password?"
A TikTok spokesperson said their security team investigated the news reports and determined that the code in question is not related to TikTok's backend source code.
Microsoft 365 Defender Research Team discovered a vulnerability in the app that can allow hackers to infiltrate if users click on a link. They also discovered a high-severity vulnerability that can allow attackers to compromise users' accounts with a single click. TikTok claims to have fixed this problem.