TikTok hacked, 2 billion user records exposed

On Sept. 5, cybersecurity researchers disclosed a data breach in world-famous video app TikTok, involving up to 2 billion user database records.

Cybersecurity experts commented on the incident on Twitter:

Who would have thought that @TikTok would decide to store all their internal backend source code on one Alibaba Cloud instance using a trashy password?"

A TikTok spokesperson denied the hack and reported that their security team "investigated this statement and determined that the code in question is completely unrelated to TikTok's backend source code".

The vulnerability, which would have required several issues to be chained together to exploit, has now been fixed by TikTok:

Attackers could have leveraged the vulnerability to hijack an account without users' awareness if a targeted user simply clicked a specially crafted link.

At the same time, however, several cyber-security analysts tweeted about the discovery of what was "a breach of an insecure server that allowed access to TikTok's storage, which they believe contained personal user data".

The ransomware operation Cl0p appeared to have accessed the industrial control systems of a UK water supply company.

Last month, the notorious ransomware group Cl0p reported it had hacked into a water supplier and have accessed the firm’s internal network potentially giving them the ability to mess with the water flow.