‘Serious issue’ if claim on 2 billion stolen TikTok data is true, says cybersecurity expert

September 6, 2022 - 7:58 PM
TikTok app is seen on a smartphone in this illustration taken, July 13, 2021. (Reuters/Dado Ruvic/File Photo)

An official from a cybersecurity firm warned about a possible large-scale data breach at TikTok.

David Emm, the principal security researcher at Kaspersky’s GReAT, said that if the breach claim is true, it could affect an enormous number of TikTok users.

According to reports, a hacking group claimed to have obtained data from a server used by TikTok that contained over two billion records.

The group posted images of this supposed TikTok database to a hacking forum message board.

Emm laid out the consequences for both the company and the users if the data leak claim turned out to be true.

“If the allegations on the Breach Forums message board are true, this could be a serious issue for many users,” the cybersecurity expert said.

“If alleged database records are user login credentials, the consequences can range from increased activity by attackers sending them spam or phishing messages, which already carries the risk of losing banking details and personal information, to even hacking into an account at TikTok,” he added.

Emm further noted how much personal data cybercriminals could exploit from celebrities and bloggers who use the global social media app.

“Since TikTok is a globally-known social media app with more than a billion users a month, it makes it an enticing lure for cybercriminals who seek to compromise users’ accounts and steal sensitive data,” Emm said.

“Since many celebrities and bloggers use TikTok as their main source of communication with their audience, cybercriminals may be able to compromise them by publicizing private videos, sending messages, and uploading videos on their behalf. The extent of the consequences depends on how the company handles passwords—if they are hashed and salted, it makes it much less likely,” he added.

Emm recommended that TikTok users change their passwords in the meantime, using Kaspersky’s Password Manager.

“Kaspersky recommends TikTok users, who are worried that their account credentials may have been compromised, to change their password. With Kaspersky Password Manager, you can monitor the security of all your passwords in real-time,” he said.

The cybersecurity expert also advised users to enable two-factor authentication on their accounts.

“To reduce the risk of someone taking over your account, Kaspersky also advises implementing two-factor authentication, which is a great policy for any online account,” he said.

TikTok’s response

TikTok spokesperson Maureen Shanahan told The Verge that TikTok users don’t have to worry about their accounts.

“We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases,” Shanahan was quoted in a report as saying.

“We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community,” she added.

Emm also stated that cybersecurity researchers are still verifying the authenticity of the group and its claims.

“Some cybersecurity researchers claim that the data leak allegations are true, while others, confirming some matches between user profiles and videos posted under those IDs in the shown database records, emphasize that such details could be publicly accessible data that may be constructed without breach,” he said.