1 min reading
Tue Sep 20 2022

TikTok suffers critical third party data breach


The jury's still out on how this happened, but it's possible that TikTok might have stored all their internal backend source code on Alibaba Cloud, protected only by a weak password. Asides from the bad cyber hygiene, this is an example of mismanagement of a critical third party.

The company denied that there was a breach, however on September 3rd reports of a hack surfaced on Breach Forums, with the impact of a server holding 2.05 billion records in a 790GB database.

More on this story on TheHackerNews:

TikTok Denies Data Breach Reportedly Exposing Over 2 Billion Users’ Information

TikTok has denied reports of a data breach after a hacker group claimed to have gained access to information on two billion of its users.


The Hacker NewsRavie Lakshmanan


Ceeyu is a  SaaS platform that can help assess the security of your vendors and other third parties. By using a platform to improve your third-party risk management process, your organization can easily and quickly identify areas of risk. This data will help improve the security of risky vendors, effectively increasing yours as well.

Contact us for a demo! [email protected]

Silvana Precup Ceeyu

Silvana Precup


Cybersecurity professional experienced in cross-functional roles bridging between top management, risk functions, IT and security operations teams. With a knack for TPRM and digital footprint.

Other Blogposts

Ceeyu UI

NIS2: Essential entities vs Important entities, what’s the difference?

The impact of NIS2 for essential and important entities is not much different when it comes to implementing controls to comply, as they are ...

December 11, 2023


The EU DORA regulation and third party risk

With the DORA regulation that the EU aims to strengthen the IT security of financial services and industries. This means banks, insurance co...

July 17, 2022


How to manage the third party risks posed by your critical suppliers

This blog post walks you through some ideas on how to navigate the complex web of third-party risks, focusing on critical suppliers.

June 27, 2022