Hacker Claims to Have Stolen Data of 428 Million TikTok Users – But TikTok Denies Breach

A hacker going by the name Often9 has claimed to have stolen personal data from 428 million TikTok users. The alleged data breach was posted for sale on a dark web forum on May 29 under the title “TikTok 2025 Breach – 428M Unique Lines.”

The hacker says the stolen data includes email addresses, phone numbers, usernames, and profile links — information that is not normally available to the public on TikTok. According to a report by HackRead, Often9 claimed they got this data by exploiting a security flaw in TikTok’s internal system before the company patched it.

“TikTok doesn’t usually let anyone access private info like emails or phone numbers,” the hacker reportedly said. “But there was a loophole in one of their internal APIs that let us get this data.”

The hacker insists this wasn’t just public information collected from TikTok profiles. Instead, they argue it was a real breach because they used a vulnerability to access data that shouldn’t have been visible.

However, TikTok strongly denies these claims. In a statement to Security Boulevard, the company said that there is no sign of any breach in their systems. TikTok’s security team looked into the alleged samples and said the data is all publicly available — not the result of a hack.

TikTok also added that it uses advanced security measures to prevent unauthorized data scraping.

It’s worth noting that the same dark web forum has a history of false claims. Just last week, someone falsely claimed to be selling the data of 1.2 billion Facebook users.

As of now, there is no confirmed evidence that TikTok has suffered a major security breach.