TikTok was allegedly targeted by a newly identified threat actor, 'Often9,' who claimed to have exploited a vulnerability in an internal API to steal 428 million unique user records. The compromised dataset included sensitive personal information such as email addresses, mobile numbers, TikTok user IDs, usernames, nicknames, biographies, avatar URLs, profile links, and account flags. While TikTok does not publicly expose such data via APIs, the vulnerability reportedly allowed unauthorized extraction. Though skepticism exists due to some empty or generic fields in the dataset, independent analysis by *Hackread* confirmed that much of the exposed data had appeared in fewer than two prior breaches, suggesting legitimacy. TikTok, which previously faced a 2 billion-record breach claim in 2021, has initiated an investigation into this incident. The breach poses significant risks, including identity theft, phishing, and reputational damage, given the scale and sensitivity of the leaked data.
Source: https://www.scworld.com/brief/massive-tiktok-breach-claimed-to-compromise-428m-users
TPRM report: https://www.rankiteo.com/company/tiktok
{
  "id": "tik3481234113025",
  "linkid": "tiktok",
  "type": "Breach",
  "date": "6/2021",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': '428 million unique user records '
                                              '(alleged)',
                        'industry': 'technology/internet',
                        'location': 'global (HQ: Los Angeles, CA, USA / '
                                    'Beijing, China)',
                        'name': 'TikTok',
                        'size': 'large (1+ billion users)',
                        'type': 'social media platform'}],
 'attack_vector': 'exploitation of internal API vulnerability',
 'data_breach': {'data_exfiltration': 'alleged (via API vulnerability exploit)',
                 'number_of_records_exposed': '428 million (alleged)',
                 'personally_identifiable_information': ['email addresses',
                                                         'mobile numbers',
                                                         'usernames',
                                                         'nicknames',
                                                         'biographies',
                                                         'avatar URLs',
                                                         'profile links'],
                 'sensitivity_of_data': 'moderate to high (includes PII, '
                                        'though some fields were '
                                        'empty/generic)',
                 'type_of_data_compromised': ['personally identifiable '
                                              'information (PII)',
                                              'account metadata']},
 'description': "TikTok was alleged by newly emergent threat actor 'Often9' to "
                'have had 428 million unique user records stolen through the '
                'exploitation of an internal API vulnerability. The stolen '
                'dataset included email addresses, mobile numbers, TikTok user '
                'IDs, usernames, nicknames, biographies, avatar URLs, profile '
                'links, account flags, and other metrics. While skepticism '
                "exists regarding the dataset's legitimacy (due to "
                'empty/generic fields), most exposed data was observed in '
                'fewer than two other breaches. TikTok has launched an '
                'investigation into the purported breach.',
 'impact': {'brand_reputation_impact': 'potential reputational damage (alleged '
                                       'breach under investigation)',
            'data_compromised': ['email addresses',
                                 'mobile numbers',
                                 'TikTok user IDs',
                                 'usernames',
                                 'nicknames',
                                 'biographies',
                                 'avatar URLs',
                                 'profile links',
                                 'account flags',
                                 'other metrics'],
            'identity_theft_risk': 'moderate (PII exposed, though some fields '
                                   'were empty/generic)',
            'systems_affected': ['internal API']},
 'initial_access_broker': {'entry_point': 'internal API vulnerability',
                           'high_value_targets': ['user databases']},
 'investigation_status': 'ongoing (TikTok probe launched)',
 'references': [{'source': 'Hackread'}],
 'response': {'incident_response_plan_activated': 'probe launched '
                                                  '(investigation ongoing)'},
 'threat_actor': 'Often9 (emergent threat actor)',
 'title': 'Alleged TikTok Data Breach via Internal API Vulnerability Exploit',
 'type': ['data breach', 'unauthorized data access'],
 'vulnerability_exploited': 'internal API vulnerability (details undisclosed)'}