TikTok is facing many questions regarding its data security after rumors began circulating about its source code becoming comprised.
Bloomberg reported that several cyber security analysts took to Twitter on Monday to inform the public about a potential security breach in TikTok's source code. This security breach was traced to TikTok's data storage that the analysts claim contained personal account information on users, which led them to deem the purported breach a "high-severity vulnerability". The security breach was found in TikTok's Android application and would have allowed attackers to "comprise users' accounts with a single click".
On September 3 posts surfaced on the Breach Forums message board where a hacker wrote that the server contains 2.05 billion records in a humongous 790GB database. Followed by these rumors was a tweet from hacking group BlueHornet, who has seemingly had their account suspended by Twitter after this story gained traction. The tweet read, "Who would have thought that TikTok would decide to store all their internal backend source code on one Alibaba Cloud instance using a trashy password?".
In response to these rumors and claims, a TikTok spokesperson told Bloomberg UK that the alleged compromised TikTok source code "is completely unrelated to TikTok's backend source code". TikTok took to Twitter to add, "TikTok prioritizes the privacy and security of our users' data. Our security team investigated these claims and found no evidence of a security breach".
However, Troy Hunt, an Australian web security consultant, who went through some of the data that was leaked, took to Twitter to say it's a "mixed bag".