Breach cyber

TikTok

May 30, 2025 1 min read
TikTok

A threat actor known as 'Often9' has claimed to possess 428 million unique TikTok user records, including sensitive information such as email addresses, mobile phone numbers, and internal account flags. The data's legitimacy is questionable due to the presence of empty or generic fields in the sample entries and the lack of reputation of the seller. Previous claims of TikTok data breaches have been denied by the company.

Source: https://hackread.com/threat-actor-tiktok-breach-428-million-records-sale/

TPRM report: https://scoringcyber.rankiteo.com/company/tiktok

"id": "tik717053025",
"linkid": "tiktok",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 428000000,
                        'industry': 'Social Media',
                        'name': 'TikTok',
                        'type': 'Social Media Platform'}],
 'attack_vector': 'Unauthorized access, possibly through internal systems or '
                  'third-party database',
 'data_breach': {'number_of_records_exposed': 428000000,
                 'sensitivity_of_data': 'Medium to High',
                 'type_of_data_compromised': ['Email addresses',
                                              'Mobile phone numbers',
                                              'Biography, avatar URLs, and '
                                              'profile links',
                                              'TikTok user IDs, usernames, and '
                                              'nicknames',
                                              'Account flags like '
                                              'private_account, secret, '
                                              'verified, and ttSeller status',
                                              'Publicly visible metrics such '
                                              'as follower counts, following '
                                              'counts, like counts, video '
                                              'counts, digg counts, and friend '
                                              'counts']},
 'date_detected': '2025-05-29',
 'description': 'A newly emerged threat actor, going by the alias “Often9,” '
                'has posted on a prominent cybercrime and database trading '
                'forum, claiming to possess 428 million unique TikTok user '
                'records.',
 'impact': {'data_compromised': ['Email addresses',
                                 'Mobile phone numbers',
                                 'Biography, avatar URLs, and profile links',
                                 'TikTok user IDs, usernames, and nicknames',
                                 'Account flags like private_account, secret, '
                                 'verified, and ttSeller status',
                                 'Publicly visible metrics such as follower '
                                 'counts, following counts, like counts, video '
                                 'counts, digg counts, and friend counts']},
 'initial_access_broker': {'data_sold_on_dark_web': True},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain',
 'references': [{'source': 'Hackread.com'}],
 'threat_actor': 'Often9',
 'title': 'TikTok 2025 Breach – 428M Unique Lines',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Breach cyber

Aflac

public 1 min read
Aflac, the largest supplemental insurance provider in the U.S., disclosed a breach where attackers may have stolen personal and…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.