TikTok data breach claims put ByteDance’s short video app back in spotlight amid controversy over Chinese ownership
- Cybersecurity analysts tweeted about the discovery of an insecure server on Monday, but claims of leaked personal data are inconclusive
- TikTok said claims about the breach were incorrect and that the code was ‘completely unrelated’ to its back-end source code

TikTok said the claims of a breach discovered over the weekend were incorrect. “Our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s back-end source code,” a spokesperson said.
Troy Hunt, an Australian web security consultant, went through some of the data samples listed in the leaked files and found matches between user profiles and videos posted under those IDs. But some details included in the leak were “publicly accessible data that could have been constructed without breach”.
“This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info. Some data is junk, but it could be non-production or test data,” he posted on Twitter. “It’s a bit of a mixed bag so far.”
The vulnerability identified by Microsoft is a narrower issue that could have affected mobile phones running Android. It may have allowed attackers to access and modify “TikTok profiles and sensitive information, such as by publicising private videos, sending messages and uploading videos on behalf of users,” wrote Dimitrios Valsamaras from the Microsoft 365 Defender Research Team.