The hacking group BlueHornet, better known as AgainstTheWest, caused an uproar in the security community when it announced on the BreachForums forum that it had seized the databases of the social video sharing network TikTok and the chat app WeChat. The attack was first reported by the Computer website.
But it later turned out to be a forgery. The published sample contained only practically empty or worthless tables. In response, BreachForums banned the user and removed the allegedly stolen data samples from the site. Twitter took a similar step against the group.
Suspicions were strong
The 790GB leaked database was supposed to contain 2 billion records with user data, statistics, cookies, source codes and authentication codes for both platforms. According to the first indications, the data was supposed to have leaked from the Alibaba cloud.
BreachForums wasn’t the only place where the group showed off its achievement. It posted a screenshot of the captured database on Twitter with the caption: “Who would have thought TikTok would decide to store all of its internal source code on a single Alibaba Cloud instance under an easy-to-crack password?” (The tweet is no longer available; the BlueHornet Twitter account has been suspended entirely.)
In the Hacker News discussion thread, there were also opinions that the data did not come from TikTok itself but leaked from a third party that works with TikTok for marketing or e-commerce purposes. It was not clear, however, whether such entities would have had access to this kind of data. This version was later supported by an updated statement from TikTok: the data is publicly available information that was collected, often automatically (using bots), and aggregated into a database for marketing purposes.
Database hunter Bob Dyachenko of Security Discovery confirmed on Twitter that the leaked user data was genuine, but he could not draw any concrete conclusions about its source.
Yes, #TikTokBreach is real. Our team analyzed publicly exposed buybacks to confirm the partial leak of user data. pic.twitter.com/8ygcRKBMc3
– Bob Dyachenko 🇺🇦 (@MayhemDayOne) 5 September 2022
He later concluded that the published data most likely came from various applications of the Chinese company Hangzhou Julun Network Technology, based in the Chinese province of Zhejiang.
Similarly, Troy Hunt, the creator of the well-known breach-notification service HaveIBeenPwned, first confirmed that some of the data was genuine. However, he found nothing that was not already publicly available, and therefore nothing that would prove a breach of the security of internal systems.
TikTok denies the attack
Shortly after the screenshots were posted on Friday, TikTok denied having been the target of a hacker attack. It said the source code shared on the hacker forum is not part of its platform. “This is an incorrect claim – our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code, which has never been merged with WeChat data,” a TikTok spokesperson said, adding that not even the leaked user data could have come directly from its platform. According to the spokesperson, the network has sufficient security measures in place to prevent automated collection of information about users.
Although WeChat and TikTok are both Chinese companies, they are not owned by the same parent company – the former belongs to Tencent and the latter to ByteDance. So the fact that the leaked data was supposedly sitting in one shared database itself indicates that it was not a direct breach of either platform.
Yesterday, a TikTok spokesperson confirmed that users do not need to take any proactive steps and that their data is safe. WeChat, the other platform mentioned, has so far remained silent about the alleged attack.
It is not without interest that the announcement of a massive data breach came just days after Microsoft security analysts warned of serious vulnerabilities in the TikTok app for Android.
Dimitrios Valsamaras from the Microsoft 365 Defender development team said that the flaws identified could have given attackers access to TikTok user profiles and allowed them, for example, to publish private videos or send messages on the users’ behalf. Millions of accounts on the Android version of the app were said to have been hacked. TikTok fixed the issue less than a month after the bug was reported.
Who is AgainstTheWest?
After the scandal was exposed by the sample of worthless data, attention turned to the AgainstTheWest hacker group, which started the whole affair. From the name, it might seem that the hackers target Western countries. In reality, their targets are supposed to be countries and societies hostile to the West. The group is said to consist of at least six hackers from Western European countries.
“Don’t be fooled by the name: AgainstTheWest targets countries that it considers a threat to Western society. Currently, its targets are China and Russia, and in the future it plans to focus on North Korea, Belarus and Iran,” the CyberKnow activists said in a conversation.
Since the second half of 2021, AgainstTheWest has been conducting attacks against government and corporate networks in China and Russia. Although the group was at one time among the most active contributors to the now-defunct RaidForums, its credibility was already in question there. On the rival forum RAMP, its members are called scammers who just want to make a living by selling unnecessary and useless data.
The same scenario seems to be repeating itself in the current TikTok and WeChat case. Closer examination of the “leaked data” gradually casts doubt on its authenticity.
Let’s look at it another way – is there anything obviously fake? Yes, in “record_paypal_order_trade_202209032247.csv”: pic.twitter.com/KfEsmkTRkD
– Troy Hunt 5 September 2022
A Czech footprint in HaveIBeenPwned
Czech websites and companies also have experience with data leaking from unsecured databases. Last year, data from the Jihlava-based Gordic Corporation, which operates the Ginis document management system widely used in public administration, was supposed to have appeared for sale on the dark web. The attackers wanted $100,000 for it, roughly 2.2 million crowns at the time.
Pirates on #DarkNet announced that they had attacked a Czech company specializing in the creation and supply of information systems, the technology company #gordic. They say they looted #data of staff and email #archives and the #shrinkage. The leak was identified using the tool #DarkTracer #DarkMap pic.twitter.com/pLyR4NYh5T
– David Havlik (@David_Havlik) 26 July 2021
An earlier, but much larger, Czech data breach made it into the HaveIBeenPwned database mentioned above. In 2017, three quarters of a million email addresses and the same number of passwords in readable form leaked to the public from the Mall.cz online shopping mall. Not that Mall.cz stored passwords in the database in their original form, but until the autumn of 2012 it used the easy-to-crack MD5 algorithm to protect passwords. It wasn’t until four years later that it started using a more secure scheme.
For this, the site’s operator received a fine of 1.5 million crowns from the Office for Personal Data Protection. It initially defended itself against the penalty with an unsuccessful administrative action, then with a cassation complaint. At the end of last year, the Supreme Administrative Court, in its judgment file no. 1 As 238/2021–33, sent the case back to the beginning. It ordered the Office to examine closely whether the company had taken adequate measures to protect the data. According to the judges, a data leak alone does not mean that the company underestimated its security.