A hacking group going by the name of AgainstTheWest claimed in a hacking forum that they breached both TikTok and WeChat, an instant messaging app that’s popular in China. The post has screenshots of an alleged database that contains 2.05 billion records and 790GB of data from both TikTok and WeChat users, as well as auth tokens, user statistics, and even software code.
According to the alleged hackers, the group targets countries and companies that are perceived as a “threat to western society,” saying that the group is going after China and Russia and will soon target North Korea, Belarus, and Iran.
TikTok has denied that its infrastructure was breached, so you probably don’t need to rush to change your password right now. The company said that the impacted code in question “is completely unrelated to TikTok’s back-end source code,” and that its code, or its data, has never been merged with WeChat data.
As a refresher, TikTok and WeChat are both China-made apps, but WeChat belongs to Tencent while TikTok belongs to ByteDance. TikTok also has a China-only version of its app, called Douyin, that uses different servers and functions independently from TikTok. This database doesn’t come from either of these two companies, then, since they don’t share an infrastructure. It was most likely put together by a third-party data scraper, either using publicly-available info or obtaining user data through its own means.
Data breaches across different services have been a common topic the last few days, with Samsung, LastPass, Plex, and DoorDash all suffering hacks. But for this specific one, it doesn’t look like you need to worry.
Source: Bleeping Computer