Threat actor behind alleged TikTok hack gets permanently banned from BreachForums


TikTok is again under the spotlight after a threat actor said they had hacked the social network, leaking over 2 billion records. The cybercriminal is now banned from Twitter and the illicit hacking community forum where they first bragged about the breach.

On September 3, threat actor AgainstTheWest said on BreachForums they had breached TikTok and WeChat. BreachForums is an illicit hacking community forum created by a threat actor named "pompompurin" after the seizure of the infamous Raid Forums.


On Monday, AgainstTheWest, also known as BlueHornet, said they had already pulled out over 790GB of data. In total, the threat actor has already extracted over 2 billion records.

According to a tweet by the threat actor, who is now banned on Twitter, they accessed all of TikTok's backend source code "on one Alibaba Cloud instance using a trashy password."

[Image: The deleted tweet. This tweet is now deleted, and the account suspended. Screenshot taken by Cybernews using the Wayback Machine.]

TikTok has repeatedly denied the breach, and security researchers investigating the published data sample believe the data did not originate from TikTok. TikTok’s spokesperson told Cybernews the company found no evidence of a security breach.

“We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases. The samples also appear to contain data from one or more third-party sources not affiliated with TikTok. We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community.”

"Data is likely to come from Hangzhou Julun Network Technology Co., Ltd rather than TikTok. Still, the question is, why is there so much data?" security researcher Bob Diachenko tweeted.

Researchers also doubted the breach because the sample merges data from TikTok and WeChat. Given that these are two separate companies, ByteDance-owned TikTok and Tencent-owned WeChat, it was unlikely that such a combined dataset could have originated from TikTok's servers.


After the news about the alleged breach made headlines, the threat actor was banned not only by Twitter but also received a permanent ban on BreachForums.

"Staff edit: This thread was restored due to multiple people asking for it back. AgainstTheWest initially deleted it. Please note that the breach is not from TikTok and that he most likely was lying or didn't even investigate it before making such outrageous claims. AgainstTheWest has had a long history of lying about breaches or other things (Saying he's a state-sponsored hacking group... lol), and this was just the tipping point," pompompurin said.

[Image: TikTok and WeChat breach thread. Screenshot by Cybernews from BreachForums.]

Cybernews has reached out to AgainstTheWest but has received no response to date.

In April, cybersecurity company Cyberint published a blog post calling BlueHornet (AgainstTheWest) one of the more interesting advanced persistent threat (APT) groups currently in play. BlueHornet has been observed targeting major organizations and other APT groups from Russia, China, Iran, and North Korea.

After the Russian invasion of Ukraine, the group went public on Twitter and made waves with several campaigns against threat groups supporting Russia. It found a handful of potential targets when about 30 groups sided with Russia at the beginning of the war.