Well this is going to be interesting - has @tiktok_us been breached? https://t.co/80UGasas1V
With the preface that all this is "alleged" at this time, there's a post on a popular hacking forum from 12 hours ago making some pretty major claims: https://t.co/M9oLXhT4Vd
"There's another DB in the Oracle server we're in, it's called "cabinet cloud" and it's 34GB in total. No idea why it's here and what it's for, but we're releasing it because we don't think we'll need it.
Here's the video of the tables:" https://t.co/Fw3XAb2fPL
A 237MB sample was provided which includes the files listed in this Gist: https://gist.github.com/troyhunt/d238ded80353cce53bea4545545ed172
Is it legit? Let's see what's verifiable, starting with the "tiktok_video_username_parse_record_202209032248.csv" file. Looks to be largely Vietnamese LGBT content with IDs, which means we can at least see if they line up with publicly accessible videos... https://t.co/2mZNDW9xSj
The first entry has an ID that matches this video, and a description that also lines up https://www.tiktok.com/@haitienofficial/video/6997394725166681371?is_from_webapp=v1&item_id=6997394725166681371
Let's pick a random one a few thousand lines in, Yep, that also matches: https://www.tiktok.com/@haitienofficial/video/6938659779971665153?is_from_webapp=v1&item_id=6938659779971665153 https://t.co/HBZ6HgWgjR
But this is all publicly accessible data so it *could* have been constructed without breach, let's look further...
Checking out "tiktok_video_202209032248.csv", the first 2 IDs lead to videos that are no longer available, but the 3rd one returns a hit for an active vid with matching description. Again, scrapable data though... https://www.tiktok.com/@mxkechong/video/6996802218615655685?is_from_webapp=v1&item_id=6996802218615655685 https://t.co/VK7xXAbH99
Still need non-public data for verification, so let's look at "record_paypal_order_202209032247.csv". SKU translation here is "15 yuan/100 Tiktok live viewers" and IP addresses are private range. Bit inconclusive. https://t.co/jzS8qv2req
Let's look at it the other way - is there anything in there that's obviously fake? Yes, in "record_paypal_order_trade_202209032247.csv": https://t.co/KfEsmkTRkD
Same with "sys_user_202209032248.csv": https://t.co/KBf2PgBcCx
This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info. Some data is junk, but it could be non-production or test data. It's a bit of a mixed bag so far.
Onto the next data set which is alleged to have from @WeChatApp and is sits alongside the TikTok files. Here's what's in this corpus: https://gist.github.com/troyhunt/10713b370f0fb01ae704b9aa1357a496
@WeChatApp The 3 "wechat" prefixed files seem like the most logical place to start, but they're all empty save for column headings: https://t.co/uHffFbFsHl
@WeChatApp Let's look at the largest files instead, the top 17 all beginning with "user_friend_request_202209032229_[int]". Obfuscating anything I'm not confident isn't personal, the URLs return avatars and the nicks seem viable at a glance. https://t.co/uzHr1XQgVb
Little trickier verifying as everything is run through the mobile app. No probs, I’ve got a WeChat account from previous time spent in China. But I used to just login with mob number and now it wants a password. Ok, I’ll just recover the accou… 🤦♂️ https://t.co/y6kiyGonRK
Oh FFS, what an abysmal, completely pointless UX 🤦♂️ https://t.co/bPA4Q503qw
Not going to be able to go much further with WeChat without access to the service. It's not clear why this is bundled in with TikTok, AFAIK they're both independently operated entities (government control aside). I find it odd they're presented together, and it's not clear why.