TikTok Company Cyber Security Posture
tiktok.comTikTok is the world's leading destination for short-form video. Our platform is built to help imaginations thrive. This is doubly true of the teams that make TikTok possible. Our employees lead with curiosity, and move at the speed of culture. Combined with our company's flat structure, you'll be given dynamic opportunities to make a real impact on a rapidly expanding company as you grow your career. We have offices across Asia Pacific, the Middle East, Europe, and the Americas โ and we're just getting started.
TikTok Company Details
tiktok
69373 employees
3238867.0
71
Entertainment Providers
tiktok.com
Scan still pending
TIK_1303559
In-progress
TikTok Risk Score (AI oriented)Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
TikTok Global Score.png)
TikTok Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
TikTok Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| TikTok | Breach | 100 | 5 | 09/2022 | TIK213327922 | Link | |
Rankiteo Explanation : Attack threatening the organization's existenceDescription: Popular short-form video sharing platform TikTok suffered a data security incident after a hacker group, AgainstTheWest gained access to an internal cloud server containing its source code and user information. The accessed database was hosted on a Alibaba cloud instance, and hold over 2 billion records in a 790 GB database containing user data, platform statistics, software code, cookies, auth tokens, server info, and more. | |||||||
| TikTok | Cyber Attack | 100 | 5 | 1/2025 | TIK000011025 | Link | |
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: Should the US Supreme Court uphold the ban on TikTok as determined by the Protecting Americans From Foreign Adversary Controlled Applications Act (PAFACA), the video-sharing social networking service faces an unprecedented technological clampdown in the US. This potential ban may result in significant economic impact, affecting around 170 million American users, including influencers and businesses that rely on the app for income and promotion. The ruling will hinge on weighing national security risks against First Amendment rights, with implications for online expression, economic factors, and potential data privacy concerns due to the appโs Chinese ownership. | |||||||
| TikTok | Vulnerability | 100 | 6 | 1/2025 | TIK001011525 | Link | |
Rankiteo Explanation : Attack threatening the economy of geographical regionDescription: The potential ban of TikTok in the United States represents a significant move that could undermine the company's economic stance within the region. With over 170 million users in the US, the ban would not only cause a loss of influence and market but also affect countless influencers and businesses that rely on the app for income and promotion. While no data breach or attack is explicitly mentioned, the perception of national security threats could damage TikTok's reputation, and a forced sale or ban by PAFACA could disrupt the app's operations, creating financial and reputational consequences. | |||||||
| TikTok | Breach | 100 | 5 | 1/2025 | TIK000012025 | Link | |
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: TikTok faced a substantial operational disruption in the United States due to the enactment of the PAFACA law, leading to its removal from app stores and ceasing its function on millions of devices. The consequence was a ban on updates and new content, pushing users to look for alternatives like Xiaohongshu. Despite being non-operational, the app wasn't forcibly removed from phones, and users could potentially circumvent the ban. The action implicated significant implications for TikTok's market presence, affected its user base, and raised questions about compliance and corporate strategy in response to political regulations. | |||||||
| ByteDance | Cyber Attack | 100 | 5 | 1/2025 | BYT000012225 | Link | |
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: ByteDance, the parent company of TikTok, faced a significant operational loss as the app was banned in the United States. This resulted in the app's removal from major app stores and impeded its ability to function or receive updates, effectively disabling access for millions of users. The ban, driven by the Protecting Americans From Foreign Adversary Controlled Applications Act (PAFACA), while not making the app illegal, has created a substantial barrier for ByteDance's TikTok in the US market. With users flocking to alternate platforms and seeking workarounds such as VPNs, the app's future in the US remains uncertain, with the impact yet to be fully quantified. | |||||||
| TikTok | Breach | 85 | 4 | 5/2025 | TIK717053025 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: A threat actor known as 'Often9' has claimed to possess 428 million unique TikTok user records, including sensitive information such as email addresses, mobile phone numbers, and internal account flags. The data's legitimacy is questionable due to the presence of empty or generic fields in the sample entries and the lack of reputation of the seller. Previous claims of TikTok data breaches have been denied by the company. | |||||||
TikTok Company Subsidiaries
TikTok is the world's leading destination for short-form video. Our platform is built to help imaginations thrive. This is doubly true of the teams that make TikTok possible. Our employees lead with curiosity, and move at the speed of culture. Combined with our company's flat structure, you'll be given dynamic opportunities to make a real impact on a rapidly expanding company as you grow your career. We have offices across Asia Pacific, the Middle East, Europe, and the Americas โ and we're just getting started.
Access Data Using Our API
Get company history
Rapid.png)
TikTok Cyber Security News
Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties
Taiwan NSB warns of security risks from Chinese apps, citing excessive data collection and sharing with China.
UNLV Experts: Examining the TikTok Ban and Its Implications
Lawmakers are evaluating whether TikTok poses a legitimate cybersecurity risk and if broader digital privacy protections are necessary for allย ...
NSB Warns of Cybersecurity Risks Linked to Popular Chinese Apps Like Rednote, Weibo, TikTok, WeChat, and Baidu Cloud
Taiwan's NSB has issued a stark warning about cybersecurity risks associated with several widely used China-developed mobile applications.
How TikTok is reframing cybersecurity efforts
You might think of TikTok as the place to go to find out new recipes and laugh at silly videos. And as a cybersecurity professional,ย ...
Cybersecurity Awareness Month at TikTok: A Time to Celebrate and #BeCyberSmart
TikTok is a place where anyone and everyone can have fun, find their community, and be discovered. This month, we're highlighting three creatorsย ...
Has the TikTok Ban Already Backfired on US Cybersecurity?
The ban, which technically goes into effect on Sunday, was narrowly focused on TikTok and simply doesn't go far enough, Approov's Miracco adds.
TikTok's Regulatory Reprieve Unlocks Valuation Upside for Tech Buyers and Cybersecurity Plays
This compression reflects the โregulatory overhangโ created by repeated delays, which have forced ByteDance into a โsell or shut downโ scenario.
Which countries have banned TikTok and why?
The European Parliament, the European Commission, and the EU Council, the three top EU bodies, have all banned TikTok on staff devices, citingย ...
TikTok ban for Pa. state government devices advances
A Pennsylvania Senate Committee unanimously approved a pair of bills during a meeting on Tuesday, including a proposal that would ban TikTokย ...
TikTok Similar Companies
Warner Bros. Discovery
Warner Bros. Discovery, a premier global media and entertainment company, offers audiences the worldโs most differentiated and complete portfolio of content, brands and franchises across television, film, streaming and gaming. The new company combines WarnerMediaโs premium entertainment, sports and
Sony Interactive Entertainment
Sony Interactive Entertainment, the company behind PlayStation, pushes the boundaries of entertainment and innovation, starting from the launch of the original PlayStation in Japan in 1994. Today, we continue to deliver innovative and thrilling experiences to a global audience through our PlayStatio
Waxploitation
Founded in 1996 by Jeff Antebi, Waxploitation is an eclectic Record Label, Music Publishing Company , and Artist Management Company navigating the ever changing landscape of music. Waxploitation developed and manages the career of Danger Mouse, the 24-time Grammy Nominated, 6-time Grammy Award winn
Electronic Arts (EA)
Electronic Arts creates next-level entertainment experiences that inspire players and fans around the world. Here, everyone is part of the story. Part of a community that connects across the globe. A team where creativity thrives, new perspectives are invited, and ideas matter. Regardless of your ro
Lucidity
Lucidity Agency Models, tambiรฉn conocida como Lucidity, es una agencia de modelos establecida en vancouver, Canada, en 2010 por el conglomerado The Ivan Group. Lucidity maneja en la actualidad a mรกs de 800 modelos de los cinco continentes, convirtiรฉndola en la agencia de modelos mรกs grande del mund
Centro Comercial Chipichape
Instalado en los antiguos talleres del ferrocarril, Chipichape fue fundado el 17 de noviembre de 1995, actualmente cuenta con mรกs de 1.300.000 de visitas promedio al mes, mรกs de 1.700 parqueaderos para vehรญculos, alrededor de 1.300 para motos, casi 100 bici parqueos, 16 escaleras elรฉctricas, 1.500 s
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
TikTok CyberSecurity History Information
How many cyber incidents has TikTok faced?
Total Incidents: According to Rankiteo, TikTok has faced 6 incidents in the past.
What types of cybersecurity incidents have occurred at TikTok?
Incident Types: The types of cybersecurity incidents that have occurred incidents Vulnerability, Cyber Attack and Breach.
Incident Details
Can you provide details on each incident?
Incident : Data Breach
Title: TikTok 2025 Breach โ 428M Unique Lines
Description: A newly emerged threat actor, going by the alias โOften9,โ has posted on a prominent cybercrime and database trading forum, claiming to possess 428 million unique TikTok user records.
Date Detected: 2025-05-29
Type: Data Breach
Attack Vector: Unauthorized access, possibly through internal systems or third-party database
Threat Actor: Often9
Motivation: Financial gain
Incident : Operational Disruption
Title: TikTok Ban in the United States
Description: ByteDance, the parent company of TikTok, faced a significant operational loss as the app was banned in the United States. This resulted in the app's removal from major app stores and impeded its ability to function or receive updates, effectively disabling access for millions of users. The ban, driven by the Protecting Americans From Foreign Adversary Controlled Applications Act (PAFACA), while not making the app illegal, has created a substantial barrier for ByteDance's TikTok in the US market. With users flocking to alternate platforms and seeking workarounds such as VPNs, the app's future in the US remains uncertain, with the impact yet to be fully quantified.
Type: Operational Disruption
Motivation: Regulatory Compliance
Incident : Operational Disruption
Title: TikTok Operational Disruption Due to PAFACA Law
Description: TikTok faced a substantial operational disruption in the United States due to the enactment of the PAFACA law, leading to its removal from app stores and ceasing its function on millions of devices. The consequence was a ban on updates and new content, pushing users to look for alternatives like Xiaohongshu. Despite being non-operational, the app wasn't forcibly removed from phones, and users could potentially circumvent the ban. The action implicated significant implications for TikTok's market presence, affected its user base, and raised questions about compliance and corporate strategy in response to political regulations.
Type: Operational Disruption
Motivation: Legal Compliance
Incident : Regulatory Action
Title: Potential Ban of TikTok in the United States
Description: The potential ban of TikTok in the United States represents a significant move that could undermine the company's economic stance within the region. With over 170 million users in the US, the ban would not only cause a loss of influence and market but also affect countless influencers and businesses that rely on the app for income and promotion. While no data breach or attack is explicitly mentioned, the perception of national security threats could damage TikTok's reputation, and a forced sale or ban by PAFACA could disrupt the app's operations, creating financial and reputational consequences.
Type: Regulatory Action
Threat Actor: US Government
Motivation: National Security Concerns
Incident : Regulatory Ban
Title: Potential Ban on TikTok in the US
Description: The US Supreme Court is considering a ban on TikTok as determined by the Protecting Americans From Foreign Adversary Controlled Applications Act (PAFACA). This potential ban could lead to significant economic impact, affecting around 170 million American users, including influencers and businesses that rely on the app for income and promotion. The ruling will weigh national security risks against First Amendment rights, with implications for online expression, economic factors, and potential data privacy concerns due to the appโs Chinese ownership.
Type: Regulatory Ban
Motivation: National Security Risks
Incident : Data Breach
Title: TikTok Data Security Incident
Description: TikTok suffered a data security incident after a hacker group, AgainstTheWest, gained access to an internal cloud server containing its source code and user information.
Type: Data Breach
Attack Vector: Unauthorized Access to Cloud Server
Threat Actor: AgainstTheWest
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident?
Incident : Data Breach TIK717053025
Data Compromised: Email addresses, Mobile phone numbers, Biography, avatar URLs, and profile links, TikTok user IDs, usernames, and nicknames, Account flags like private_account, secret, verified, and ttSeller status, Publicly visible metrics such as follower counts, following counts, like counts, video counts, digg counts, and friend counts
Incident : Operational Disruption BYT000012225
Systems Affected: TikTok App
Operational Impact: App removal from app stores, Disabled access for millions of users
Incident : Operational Disruption TIK000012025
Systems Affected: App Stores, User Devices
Downtime: Indefinite
Operational Impact: Significant
Brand Reputation Impact: Significant
Legal Liabilities: Potential
Incident : Regulatory Action TIK001011525
Operational Impact: Potential disruption of app operations
Revenue Loss: Potential loss of influence and market
Brand Reputation Impact: Damage to TikTok's reputation
Incident : Data Breach TIK213327922
Data Compromised: user data, platform statistics, software code, cookies, auth tokens, server info
Systems Affected: Internal cloud server
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Email addresses, Mobile phone numbers, Biography, avatar URLs, and profile links, TikTok user IDs, usernames, and nicknames, Account flags like private_account, secret, verified, and ttSeller status, Publicly visible metrics such as follower counts, following counts, like counts, video counts, digg counts, and friend counts, user data, platform statistics, software code, cookies, auth tokens and server info.
Which entities were affected by each incident?
Incident : Data Breach TIK717053025
Entity Type: Social Media Platform
Industry: Social Media
Customers Affected: 428000000
Incident : Operational Disruption BYT000012225
Entity Type: Company
Industry: Technology
Location: Global
Customers Affected: Millions of users
Incident : Operational Disruption TIK000012025
Entity Type: Company
Industry: Social Media
Location: United States
Customers Affected: Millions
Incident : Regulatory Action TIK001011525
Entity Type: Social Media Platform
Industry: Technology
Location: Global
Size: Large
Customers Affected: 170 million users in the US
Incident : Regulatory Ban TIK000011025
Entity Type: Social Networking Service
Industry: Technology
Location: Global
Customers Affected: 170 million American users
Data Breach Information
What type of data was compromised in each breach?
Incident : Data Breach TIK717053025
Type of Data Compromised: Email addresses, Mobile phone numbers, Biography, avatar URLs, and profile links, TikTok user IDs, usernames, and nicknames, Account flags like private_account, secret, verified, and ttSeller status, Publicly visible metrics such as follower counts, following counts, like counts, video counts, digg counts, and friend counts
Number of Records Exposed: 428000000
Sensitivity of Data: Medium to High
Incident : Data Breach TIK213327922
Type of Data Compromised: user data, platform statistics, software code, cookies, auth tokens, server info
Number of Records Exposed: 2 billion
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident?
Incident : Operational Disruption BYT000012225
Regulations Violated: Protecting Americans From Foreign Adversary Controlled Applications Act (PAFACA)
Incident : Operational Disruption TIK000012025
Regulations Violated: PAFACA Law
References
Where can I find more information about each incident?
Incident : Data Breach TIK717053025
Source: Hackread.com
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Hackread.com.
Investigation Status
What is the current status of the investigation for each incident?
Incident : Data Breach TIK717053025
Investigation Status: Ongoing
Initial Access Broker
How did the initial access broker gain entry for each incident?
Incident : Data Breach TIK717053025
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident?
Incident : Operational Disruption TIK000012025
Root Causes: Enactment of PAFACA Law
Additional Questions
General Information
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident were an Often9, US Government and AgainstTheWest.
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident detected was on 2025-05-29.
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were Email addresses, Mobile phone numbers, Biography, avatar URLs, and profile links, TikTok user IDs, usernames, and nicknames, Account flags like private_account, secret, verified, and ttSeller status, Publicly visible metrics such as follower counts, following counts, like counts, video counts, digg counts, and friend counts, user data, platform statistics, software code, cookies, auth tokens and server info.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident were TikTok App and App Stores, User Devices and Internal cloud server.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Email addresses, Mobile phone numbers, Biography, avatar URLs, and profile links, TikTok user IDs, usernames, and nicknames, Account flags like private_account, secret, verified, and ttSeller status, Publicly visible metrics such as follower counts, following counts, like counts, video counts, digg counts, and friend counts, user data, platform statistics, software code, cookies, auth tokens and server info.
What was the number of records exposed in the most significant breach?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 2.0B.
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent source of information about an incident is Hackread.com.
Investigation Status
What is the current status of the most recent investigation?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
