Claim of TikTok Breach Spotlights Viral App’s Lure as Target

tech.hindustantimes.com:

TikTok, the short-video sensation that's among the world's most downloaded apps, is coming under increased scrutiny about its data security as it guards the personal information of over a billion users.

On Monday, several cybersecurity analysts tweeted about the discovery of what was purportedly a breach of an insecure server that allowed access to TikTok's storage, which they believe contained personal user data. Only days earlier, Microsoft Corp. said it had found a “high-severity vulnerability” in TikTok's Android application, “which would have allowed attackers to compromise users' accounts with a single click.”

ByteDance Ltd.'s TikTok surpassed a billion monthly users a year ago and now ranks as many young people's favorite app. That makes it an enticing target for hackers who may seek to hijack popular accounts or resell sensitive information. It was identified as a privacy threat by the Trump administration in 2020 and nearly banned because of concern about potential links between its Beijing-based parent company and the Chinese government.

TikTok said the claims of a breach discovered over the weekend were incorrect. “Our security team investigated this statement and determined that the code in question is completely unrelated to TikTok's backend source code,” a spokesperson said.

Troy Hunt, an Australian web security consultant, went through some of the data samples listed in the leaked files and found matches between user profiles and videos posted under those IDs. But some details included in the leak were “publicly accessible data that could have been constructed without breach.”

“This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info. Some data is junk, but it could