Cybersecurity researchers on Monday discovered a potential data breach in China’s short-form video app TikTok, which reportedly involved nearly 2 billion user database records.
Several cybersecurity analysts tweeted about the discovery of “an unsecured server breach that allowed access to TikTok storage, which contains users’ personal data.”
“This is your forewarning. #TikTok has reportedly suffered a #data #breach, and if true there may be fallout from it in the coming days. We recommend you change your TikTok #password and enable Two-Factor Authentication if you have not done so already,” tweeted BeeHive CyberSecurity.
“We’ve reviewed a sample of the extracted data. To our email subscribers and private clients, we’ve already sent out warning communications,” it added.
Troy Hunt, the creator of the data breach information site haveibeenpwned, posted a thread on Twitter to verify whether the sample data is genuine. For him, the evidence is “so far pretty inconclusive.”
However, a TikTok spokesperson told this reporter that there is no evidence of a security breach. Security experts recommend that TikTok users change their password and make sure two-factor authentication (2FA) is enabled anyway, just to be on the safe side.
An earlier statement, in a Bloomberg U.K. article, addressed the stolen source code allegation directly: “Our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code.”