Following the news about a potential breach of TikTok and alleged stealing of two billion database records, a Kaspersky expert made a comment about the potential risks that such a data leak may cause and what users should do to protect themselves.
Meanwhile, TikTok denied the claims that hackers have managed to steal more than two billion sensitive database records, including user data and platform source code.
Rumors of a breach originated with a post to an online hacking forum, in which a user called AgainstTheWest claimed to have exploited a TikTok server vulnerability to gain access to gigabytes of data.
However, TikTok says it has found “no evidence of a security breach” and that the records have been scraped from public sources. Analysis of the leaked files by cybersecurity experts appears to corroborate this version of the story.
David Emm, Principal Security Researcher at Kaspersky’s Global Research and Analysis Team, has this to say:
“The first reports about the breach of TikTok appeared a few days ago. On the Breach Forums message board, an unknown user posted what was claimed to be screenshots from database tables with TikTok breach. As the user claims, they have stolen 2 billion database records, which could potentially affect an enormous amount of TikTok users.
“Some cybersecurity researchers claim that the data leak allegations are true, while others, confirming some matches between user profiles and videos posted under those IDs in the shown database records, emphasise that such details could be publicly accessible data that may be constructed without a breach. Since TikTok is a globally known social media app, with more than a billion users a month, it makes it an enticing lure for cybercriminals who seek to compromise users’ accounts and steal sensitive data.
“If the allegations on the Breach Forums message board are true, this could be a serious issue for many users. If alleged database records are user login credentials, the consequences can range from increased activity by attackers sending them spam or phishing messages, which already carries the risk of losing banking details and personal information, to even hacking into an account at TikTok.
“Since many celebrities and bloggers use TikTok as their main source of communication with their audience, cybercriminals may be able to compromise them by publicizing private videos, sending messages and uploading videos on their behalf. The extent of the consequences depends on how the company handles passwords – if they are hashed and salted, it makes it much less likely”.
Kaspersky recommends that TikTok users who are worried that their account credentials may have been compromised change their password.
With Kaspersky Password Manager you can monitor the security of all your passwords in real-time.
“To reduce the risk of someone taking over your account, Kaspersky also advises to implement two-factor authentication, which is a great policy for any online account,” comments David Emm.