Change Your TikTok Password Now: Data Leak Risk

There’s a post from 12 hours ago on a well-known hacking forum making some pretty significant claims, with the disclaimer that everything is “alleged” at this point: “We don’t know why it’s there or what it’s for, but we’re releasing a 34GB additional database called “cabinet cloud” from the Oracle server we’re using because we don’t anticipate using it. The video of the tables is shown here:” The following files, which are part of a 237MB sample, are listed in this Gist: https://gist.github.com/troyhunt/d238ded80353cce53bea4545545ed172 The Android app for the well-known social media platform TikTok has a “high severity” security flaw, according to Microsoft’s cybersecurity team, which puts hundreds of millions of users at risk of having their accounts taken over. Researchers claim that the vulnerability would have allowed hackers to hijack a TikTok user’s account by tricking them into clicking on a single link. Dimitrios Valsamaras of Microsoft’s 365 Defender research team wrote, “If a targeted user simply clicked a specially crafted link, attackers could have leveraged the vulnerability to hijack an account without users’ awareness.” “After that, attackers could have gained access to and altered users’ TikTok profiles and sensitive data, like making public private videos, sending messages, and uploading videos on users’ behalf.” TikTok fixed the flaw after Microsoft alerted them to it, and neither company claims that hackers exploited it. The iPhone version of the app, it seems, was unaffected. The social media app, which is owned by China, is used by over 1 billion people. A TikTok representative told The Washington Post that “we discovered and promptly fixed a vulnerability in some older versions of the Android app through our collaboration with Microsoft security researchers.” We value the work the Microsoft researchers have done to find potential problems so we can fix them. Hundreds of millions of Android users worldwide could have been impacted if the flaw had gone unreported. More than 1.5 billion people have downloaded the TikTok app from the Google Play Store. The security team reportedly created a link that gave them access to a user’s account without knowing the user’s password, according to Microsoft’s report. In an experiment, Microsoft was able to change a user’s account to ”!!” when they clicked the link.”!! SECURITY BREACH!!!.” Security researchers, attorneys, and threat analysts who make up Beehive Cybersecurity recently advised their clients to change their Tiktok password right away due to a significant data breach. The cybersecurity group AgainstTheWest learned of the breach and tweeted about it. https://breached.to/Thread-TikTok-WeChat-breach “Take this as a warning. If the reports of a data breach are accurate, there might be repercussions in the next few days for #TikTok. If you haven’t already, we advise you to update your TikTok password and turn on two-factor authentication. BeeHive Cyber Security The Chinese social media giant’s database was successfully searched for 1.37 billion entries by AgainstTheWest, who go by the Twitter handle @AggressiveCurl. Later updates showed that 2.05 billion users had downloaded 790GB of data. Beehive Cybersecurity confirmed the breach in its subsequent tweets after looking over a sample of the data that AgainstTheWest had made public. The data that the security researchers who learned about the incident released are still inconclusive as of the time of publication. Regarding the alleged breach, we got in touch with Tiktok Philippines representatives. We’re awaiting their response.