Social Networks Security

TikTok Denies Reports That It's Been Hacked (theverge.com) 26

TikTok is denying reports that it was breached after a hacking group posted images of what they claim is a TikTok database that contains the platform's source code and user information. In response to these allegations, TikTok said its team "found no evidence of a security breach." From a report: According to Bleeping Computer, hackers shared the images of the alleged database to a hacking forum, saying they obtained the data on a server used by TikTok. It claims the server stores over 2 billion records and 790GB worth of user data, platform statistics, code, and more. "We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases," TikTok spokesperson Maureen Shanahan said in a statement to The Verge. "We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community."


  • Regardless of whether they were hacked or not, I wonder if someone could damage the reputation of a company by posting a lot of data and then claiming it's theirs. In the case of TikTok, there is not that much reputation to begin with.
    • The kids won't care regardless of how badly they get hacked, as long as they can continue to watch the funny videos. Then when the next fad comes along they'll ditch tiktok in an instant.
      • The kids won't care regardless of how badly they get hacked, as long as they can continue to watch the funny videos. Then when the next fad comes along they'll ditch tiktok in an instant.

        It's parents and marketing people that drive them off. Social media managers are like vacuum cleaners to cats when it comes to the zoomers. As soon as they get McDonalds posting twerk tiktoks trending or dad starts posting minions memes, the kids bolt for the door.

        It's the way it's always been really. Grunge died not because

        • by HiThere ( 15173 )

          Well, the cycle you're describing is real, but some of your examples are highly questionable. E.g. there was a long time separation between Elvis and The Beatles. (Well, long is less than a decade, but long enough to make the connection questionable. Elvis was really in decline during the later part of his career, and that's when a new challenger could have appeared...but somehow didn't.)

          For most of your examples, I'm not aware enough of the context to decide whether they're correct or not. But the cyc

    • All true. If it turns out someone did steal 2bn user records, then their reputation amongst IT folk will go even lower. There's something seriously wrong with your architecture and processes if someone can exfiltrate that amount of data. There should have been so many layers of protection against this, that whilst still technically possible, would have given ample opportunity to detect the break-in, and would have reduced the exfiltrated data set to tiny volumes in comparison.

      Of course, none of this matte

      • by guruevi ( 827432 )

        The problem is that TikTok's platform is built around the quiet exfiltration of data. They want to be able to prove to auditors none of their data got to China, so it's likely that many backdoors exist; hackers only need to find 1 to be successful.

  • they are dancing around the subject,
    • And whatever it is, no matter how bad it is, at least it's gonna be over in a few seconds.

    • by Anonymous Coward

      Dancing harder around the subject than their annoying logo dances around the screen.
      That thing is simultaneously the reason their platform is popular, and the reason I will not be using their platform.

    • TikTok said its team "found no evidence of a security breach."

      Isn't that the whole point of hacking - leave no trace that it ever happened?

      • From experience: no. Many do not care if they leave traces, even crashing their victim's systems. Ransomware is not effective if it leaves no trace.

      • Not necessarily. Leaving no trace is pretty hard to do. Usually there is SOME trail if you go looking for it. That said, this is TikTok, so it wouldn't shock me that, not only is their security shit enough to leave them vulnerable, but it's also shit enough that they're unable to find any evidence of a breach.

        • by HiThere ( 15173 )

          Considering their business, does it matter?
          IIUC, the basic application is rather trivial, and the purpose of the data is to become public and advertise that someone is in a picture.
          Or do I misunderstand what their business is? (I'll admit that my image of them is based on comments made by other people.)

        • Even if they could find evidence of a breach, they could issue a statement before they look for it stating they had not found evidence. If nobody asks them again, they won't disclose that they later found evidence.

  • by account_deleted ( 4530225 ) on Tuesday September 06, 2022 @05:29AM (#62856038)
    Comment removed based on user account deletion
    • To be fair, they did deny that it was a hack. They didn't say there wasn't a willing handover of information.

  • Well clearly it is publicly accessible if someone can easily gain access to it. That doesn't mean the information is supposed to be public.

    Pop quiz: Why would a company make 790GB worth of data public... on purpose?

    • by Entrope ( 68843 )

      How many gigabytes of content do you think is visible on public MyBook or Twitter or Instaface pages, susceptible to hoovering up with a bit of scraping? How much "source code" can you scrape from Javascript bits on their pages, especially if it's not minimized?

      Most social media sites are all about making many hundreds of gigabytes of data publicly available.

    • Pop quiz: Why would a company make 790GB worth of data public... on purpose?

      Storing critical backups on S3 without setting up security correctly. It wouldn't be the first time.

  • Umm no ... (Score:5, Interesting)

    by daveime2022 ( 9623802 ) on Tuesday September 06, 2022 @07:31AM (#62856270)
    From the Bleeping Computer article ...

    "The threat actor says this server holds 2.05 billion records in a massive 790GB database containing user data, platform statistics, software code, cookies, auth tokens, server info, and many more"

    Unfortunately msmash managed to butcher this in the summary here as "2 billion records and 790GB worth" implying they are two distinct sets of data.

    But if we take the original article as accurate, that equates to about 400 bytes of data per user. No way that's anywhere near the amount of data and statistics to even express the likes on a video.

    I'm calling bullshit on this. Some "hacker group" is looking for reputation, they've taken a sample of publicly available / scraped TikTok data, and will presumably be selling it for BTC to the highest bidder, who will end up very disappointed.
