Over the long weekend the popular short-form video app, TikTok was victim to a potential data breach which allegedly involved up to 2 billion user database records!
Many cyber-security analysts tweeted about the discovery of what was "a breach of an insecure server that allowed access to TikTok's storage, which they believe contained personal user data".
"This is your forewarning. #TikTok has reportedly suffered a #data #breach, and if true there may be fallout from it in the coming days. We recommend you change your TikTok #password and enable Two-Factor Authentication, if you have not done so already," tweeted BeeHive CyberSecurity.
"We've reviewed a sample of the extracted data. To our email subscribers and private clients, we've already sent out warning communications," it added.
BlueHornet|AgaisntTheWest posted included details on breached forums.
"Who would have thought that @TikTok would decide to store all their internal backend source code on one Alibaba Cloud instance using a trashy password?" they tweeted, posting about how easily they could download the data.
But, according to TikTok, the attack did not happen. In a statement shared with Gizmodo on Tuesday, a spokesperson denied the claims:
“Our security team has found no evidence of a security breach. We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases. The samples also appear to contain data from one or more third-party sources not affiliated with TikTok. We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community.”