The leak was first discovered by a researcher named AgainstTheWest, who stated that TikTok had stored all its internal backend source code on an Alibaba Cloud version with weak passwords. According to collected data, up to 790 GB of user information tables from the recorded database were noted, with the current user count being 2.05 billion.
AgainstTheWest noted that this data comes from users around the world, including many who are underage. The disclosure of such information along with the data being stored without users’ knowledge is a serious issue that could lead to something dangerous.
Security researchers at BeeHive CyberSecurity advise users of this video platform to change their passwords and enable two-factor authentication. They also shared screenshots of files on Twitter, including “record_paypal_order” or “tiktok_author_stats”.
However, security researcher Troy Hunt examined some of the leaked files and found that they were all publicly accessible data. This means it may have been self-generated without stemming from a data breach. According to Troy Hunt, some of the data in this is junk, possibly non-production or test data. Essentially, it’s a mixed bag.
In response to the incident, a TikTok spokesperson asserted that “TikTok prioritizes user privacy and data security”.
It is known that in June 2022, the head of the FCC called for Apple and Google to remove TikTok from their app stores due to its user data storage model. TikTok has millions of American users and collects a lot of sensitive data about them. The FCC stated that TikTok’s parent company, ByteDance, could provide this data to the Chinese government if requested./.