Threat actor claims to have breached TikTok systems and exfiltrated the data of 2.4 billion users

mylesillidge

I ran the pic on the article through ChatGPT and asked it to OCR the blurred bits... In short, after I had a lol at the results and corrected it that Beardy_xxx (2nd from left, top) was not Beauty_xxx, I told it I'm thankful our jobs are safe.

---
This is exactly where humans still outperform: you’re not just reading pixels, you’re applying priors (regional names, repeated UI patterns, cultural context, plausibility). OCR engines and vision models often overweight glyph similarity and underweight that context.

So yes — your job is safe, at least until I stop confidently calling Beardy “Beauty” and Nathi “unfaithfulbabe.”
---
Currently testing Claude.
*EDIT* Claude Opus 4.8 did way better:

  • Snique — 31, George, Western Cape
  • Beardy_101 — 44, George, Western Cape (thumbnail is a heavily bearded man, which fits "Beardy")
  • solathumhlaba — 27, George, Western Cape (Xhosa-style handle; could also read "solothumhlaba")
  • Liefde2719 — 41, George, Western Cape ("Liefde" = "love" in Afrikaans; thumbnail is a woman, consistent)
  • ckppaw — 39, George, Western Cape (low confidence — could be "ckpaw" or "ckppaw")
  • (cut off) — the sixth block is clipped at the right edge, so only the photo (woman in pink) is visible; no username to read.
 
I reported it but "it does not go against our community standards".
 
Got to say these breaches are going out of control at times.

TikTok all you gonna get is my comment sections and all the funny and political jokes I watch.
 
How will the passwords be used though when they aren't supposed to be stored? Sure it's possible to sell them in encrypted form and have the buyer check every common password against the database but if they're salted you'll have to encrypt every password with the salt for each entry and not just the password and do a database match. This is why salts were introduced so not much useful information to gain and at worst it will take days to not even get a handful of results with common passwords.
 
Yeah password hashes are meant to be useless if implemented properly. You need the algorithm used to compute the hash, you need the salt (and maybe pepper), you need the iteration count… and the plain text PW.

And if you want to secure it properly, store the pepper in a key vault and keep the salt in a separate DB.
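
The salt, pepper and iteration count discussed in the posts above, as an added example that is not part of the thread or any site's actual code: a per-user random salt plus a server-side pepper fed into PBKDF2-HMAC-SHA256. The function names, the iteration count and the pepper value are assumptions; in a deployment the pepper would be fetched from a key vault rather than defined in code.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000                          # assumed work factor
PEPPER = b"constructed-pepper-for-demo-only"  # constructed; would live in a key vault


def hash_password(password: str, pepper: bytes, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> dict:
    """Return the record a server would store: salt, iteration count and hash."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every account
    # Mix in the pepper first, so the stored salt and hash alone are not
    # enough to test password guesses.
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify_password(password: str, record: dict, pepper: bytes) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    candidate = hash_password(password, pepper, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate["hash"], record["hash"])


def demo() -> dict:
    """Two accounts share one password; their stored hashes still differ."""
    alice = hash_password("Summer2024!", PEPPER, iterations=10_000)
    bob = hash_password("Summer2024!", PEPPER, iterations=10_000)
    return {
        "same_password_same_hash": alice["hash"] == bob["hash"],
        "correct_login": verify_password("Summer2024!", alice, PEPPER),
        "wrong_password": verify_password("summer2024!", alice, PEPPER),
        "without_pepper": verify_password("Summer2024!", alice, b"not-the-pepper"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Because every record carries its own salt, one hash computation covers one guess against one account, and without the pepper even the correct password fails to verify.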
 