On Friday, September 2, a threat group known as “AgainstTheWest” posted on a forum claiming to have data that was stolen from TikTok and WeChat. The post had screenshots of a database, which was supposedly accessed on an Alibaba cloud instance containing data for both companies. The threat actor says this server holds 2.05 billion records in a massive 790GB database containing user data, platform statistics, software code, cookies, auth tokens, server info, and more.
TikTok has denied the hacking allegations. The post from AgainstTheWest was deleted after researchers stated that the data was inconclusive and could not be verified as coming from either company. The post has since been restored, but with a note stating the threat actor did not verify that the breach was legitimate. Some say the data is sourced from a public scraper that took public data from the companies and dumped it on their own server. The threat actor’s name suggests it targets Western states, but it appears the threat actor does the complete opposite, targeting China and Russia with plans to target North Korea, Iran, and Belarus.