TikTok firmly denied a hacker group’s claim that it was able to obtain the source code and user data from the popular video-sharing platform.
The hacker group “AgainstTheWest” claimed in an online forum to have breached a server utilized by TikTok that contained more than 2 billion records and an array of user data, authentication tokens and other sensitive information related to the company.
The hackers included what they claimed to be screenshots tied to the database.
A TikTok spokesperson said the China-owned company’s “security team has found no evidence of a security breach.”
“We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases,” the spokesperson said.
“The samples also appear to contain data from one or more third-party sources not affiliated with TikTok,” the spokesperson added. “We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community.”
The original forum thread detailing the hack was deleted, but later restored alongside a “staff edit” from a moderator who said the original poster “most likely was lying” about the breach. The moderator added that AgainstTheWest has a “long history of lying about breaches and other things.
In the same post, the hackers claimed to have gained access to data from the Chinese social media app WeChat. The Post has reached out for comment.
Bleeping Computer was first to report on the situation.
Cybersecurity researcher Troy Hunt, the creator of the “Have I Been Pwned?” online service that allows users to determine if their email address is compromised, also raised questions about the breach – noting the information revealed so far was publicly available.
“This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info,” Hunt said. “Some data is junk, but it could be non-production or test data. It’s a bit of a mixed bag so far.”
The alleged breach is the latest headache for TikTok, which has drawn mounting scrutiny in recent months over its parent company ByteDance’s ties to the Chinese government. Lawmakers and other critics have argued Beijing’s involvement constitutes a national security risk.
In June, FCC Commissioner Brendan Carr called for the TikTok app to be removed from the Apple and Google app stores, citing a Buzzfeed report that detailed leaked audio from meetings in which American TikTok employees indicated China-based employees of parent company ByteDance had access nonpublic US user data.
TikTok has insisted that China does not have access to the data of US users and says it takes steps to ensure privacy. The company recently migrated US user data to servers operated by Oracle.