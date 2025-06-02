TikTok was alleged by newly emergent threat actor "Often9" to have had 428 million unique user records stolen through the exploitation of an internal API vulnerability, Hackread reports.

Included in the stolen dataset were individuals' email addresses, mobile numbers, TikTok user IDs, usernames, nicknames, biographies, avatar URLs, profile links, account flags, and other metrics, according to Often9. "Normally, TikTok doesn't provide any public API to access private data like emails or phone numbers. But a while ago, due to a vulnerability in one of their internal APIs, it was possible to extract this data," Often9 claimed. While there has been some skepticism regarding the legitimacy of the dataset, which included numerous empty or generic email and phone number fields, most of the exposed data analyzed by Hackread was noted to have been observed in less than two other breaches. TikTok, which had 2 billion records claimed to have been stolen almost three years ago, has already launched a probe into the latest purported data breach.