Tik Tok: We were NOT Hacked

TikTok the short-form video hosting service owned by Chinese company ByteDance is strongly denying claims it has been hacked.

TikTok is denying reports that it was breached after a hacking group posted images of what they claim is a TikTok database that contains the platform’s source code and user information (via Bleeping Computer). In response to these allegations, TikTok said its team “found no evidence of a security breach.”

“We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases,” TikTok spokesperson Maureen Shanahan said in a statement to The Verge. “We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community.”

I am rather surprised and baffled by the second part of Maureen Shanahan’s statement ‘We do not believe users need to take any proactive actions‘. A hacker group has claimed to have breached your company’s servers and you are brushing it off with ‘the data samples in question are all publicly accessible’ so don’t worry about anything.. But, what if….hypothetically speaking there are other data samples the hackers obtained but have not yet published? What if these data samples are not ‘publicly accessible’? For instance data samples containing user’s profile information and user who have TikTok LIVE Subscription, their financial data. This could turn into a PR nightmare real quick for TikTok and they could also face some serious sanction including fines or even being banned by certain governing bodies (EU comes to mind).

We will be watching for updates in the coming days and weeks. Nonetheless, TikTok users should treat this ‘non-incident) like it was a data breach:

  • Change your TikTok account password (and any other accounts that use the same password).
  • If you have a TikTok LIVE Subscription review your credit/bank account associated with your payment method for any unusual activity.
  • Be cautious of emails claiming to be from TikTok asking you to verify or provide your personal or financial information.

via The Verge