[ff7c11]

I don't believe the kids behind this Twitter account. I don't know why they're doing it exactly, probably some form of clout or to scam buyers on darknet marketplaces, but I know that many of their screenshots are faked. I know people at one of the companies they claimed to have hacked - they posted a Ruby on Rails directory structure as proof of hacking them but the company does not have Ruby code. So I would not trust any of their tweets.

[richbell]

I don't trust them (AgainstTheWest, not Troy Hunt) either — and frankly I'm surprised to see that they're still active.

Earlier this year they claimed to have discovered an NGINX 0-day RCE and tested it against a Canadian bank. Not only was it a big nothing-burger, but they ended up purging their Telegram channel aftwards with claims of infighting (screenshots for posterity: https://imgur.com/a/5AThvTv).

[ajsfoux234]

The original submission link was https://twitter.com/AggressiveCurl/status/156616119824850944... , it was changed since this comment was posted

[charles_kaw]

> they posted a Ruby on Rails directory structure as proof of hacking them but the company does not have Ruby code

I think it's extremely suspicious, but often times breaches like this aren't through the core platform itself. For example, Equifax was a support site that was hosted and built separately from their main platform.

This whole thing does smell like BS to me, though as well.

[rvz]

The TikTok breach is completely real. [0] Despite the hilarious denial spirals in the comment section.

You don't need to wait for Troy Hunt to tell you otherwise, even he is not always correct.

[0] https://twitter.com/MayhemDayOne/status/1566748988770066435

[boomboomsubban]

And then 30 minutes later

>UPDATE: while there is definitely a breach, it is still work in progress to confirm the origin of data, could be a third party.