TikTok has reportedly suffered "a breach of an insecure server that allowed access to TikTok's storage, which they believe contained personal user data," according to several cyber-security analysts tweets.
"This is your forewarning. #TikTok has reportedly suffered a #data #breach, and if true there may be fallout from it in the coming days. We recommend you change your TikTok #password and enable Two-Factor Authentication, if you have not done so already," BeeHive CyberSecurity tweeted.
This is your forewarning. #TikTok has reportedly suffered a #data #breach, and if true there may be fallout from it in the coming days. We recommend you change your TikTok #password and enable Two-Factor Authentication, if you have not done so already. pic.twitter.com/SvifAp5B24
— BeeHive CyberSecurity (@BeeHiveCyberSec) September 4, 2022
"We've reviewed a sample of the extracted data. To our email subscribers and private clients, we've already sent out warning communications."
Owner of haveibeenpwned, another data breaching info site, Troy Hunt, shared on Twitter a thread to be able to verify if the sample data was acurate or not, concluding the evidence is "so far pretty inconclusive."
BlueHornet|AgaisntTheWest posted all details on the breached forums.
"Who would have thought that @TikTok would decide to store all their internal backend source code on one Alibaba Cloud instance using a trashy password?" they tweeted.
The also posted about how easily they could download the data.
A TikTok spokesperson, on the other hand, said in news reports that their security team "investigated this statement and determined that the code in question is completely unrelated to TikTok's backend source code".
A vulnerability was further discovered in the TikTok application for Android by Microsoft 365 Defender Research Team allowing hackers to control millions of videos of users once clicked on a malicious link.
The problem that would require several issues to be chained together to exploit has now been fixed by the Chinese company.
"Attackers could have leveraged the vulnerability to hijack an account without users' awareness if a targeted user simply clicked a specially crafted link," the tech giant said in a statement last week.
