Kaspersky's statement on the possible TikTok data leak

The first reports about the breach of TikTok appeared a few days ago. On the Breach Forums message board, an unknown user posted what was claimed to be screenshots from database tables with TikTok breach. As the user claims, they have stolen 2 billion database records, which could potentially affect an enormous amount of TikTok users.

Some cybersecurity researchers claim that the data leak allegations are true, while others, confirming some matches between user profiles and videos posted under those IDs in the shown database records, emphasize that such details could be publicly accessible data that may be constructed without breach.

Since TikTok is a globally-known social media app with more than a billion users a month, it makes it an enticing lure for cybercriminals who seek to compromise users' accounts and steal sensitive data.

If the allegations on the Breach Forums message board are true, this could be a serious issue for many users.

If alleged database records are user login credentials, the consequences can range from increased activity by attackers sending them spam or phishing messages, which already carries the risk of losing banking details and personal information, to even hacking into an account at TikTok.

Since many celebrities and bloggers use TikTok as their main source of communication with their audience, cybercriminals may be able to compromise them by publicizing private videos, sending messages, and uploading videos on their behalf. The extent of the consequences depends on how the company handles passwords —- if they are hashed and salted, it makes it much less likely.

Kaspersky recommends TikTok users, who are worried that their account credentials may have been compromised, to change their password. With Kaspersky Password Manager, you can monitor the security of all your passwords in real-time.

To reduce the risk of someone taking over your account, Kaspersky also advises implementing two-factor authentication, which is a great policy for any online account.

By David Emm, principal security researcher at Kaspersky's GReAT