On Sunday, hackers claimed to have breached the popular TikTok app, potentially exposing users’ personal information. The app is a social media platform where users can share short videos of themselves. The breach comes as a surprise to TikTok users, who have been using the app to film and share short videos of themselves for years. The app has been known to be vulnerable to attack, and this latest breach could mean that user data was compromised. TikTok is one of the most popular social media platforms in the world, and it’s likely that many people are now at risk of their personal information being accessed and used without their knowledge or consent. If you’re using TikTok, please take steps to protect your data and ensure that you’re up-to-date on security measures.

A hacking group going by the name of AgainstTheWest claimed in a hacking forum that they breached both TikTok and WeChat, an instant messaging app that’s popular in China. The post has screenshots of an alleged database that contains 2.05 billion records and 790GB of data from both TikTok and WeChat users, as well as auth tokens, user statistics, and even software code.

According to the alleged hackers, the group targets countries and companies that are perceived as a “threat to western society,” saying that the group is going after China and Russia and will soon target North Korea, Belarus, and Iran.

TikTok has denied that its infrastructure was breached, so you probably don’t need to rush to change your password right now. The company said that the impacted code in question “is completely unrelated to TikTok’s back-end source code,” and that its code, or its data, has never been merged with WeChat data.

As a refresher, TikTok and WeChat are both China-made apps, but WeChat belongs to Tencent while TikTok belongs to ByteDance. TikTok also has a China-only version of its app, called Douyin, that uses different servers and functions independently from TikTok. This database doesn’t come from either of these two companies, then, since they don’t share an infrastructure. It was most likely put together by a third-party data scraper, either using publicly-available info or obtaining user data through its own means.

Data breaches across different services have been a common topic the last few days, with Samsung, LastPass, Plex, and DoorDash all suffering hacks. But for this specific one, it doesn’t look like you need to worry.

Source: Bleeping Computer