Hackers Claim TikTok Breach: 900,000+ User Credentials Allegedly Leaked

A notorious cybercriminal group known as R00TK1T ISC CYBER TEAM has claimed responsibility for a series of disruptive cyberattacks targeting TikTok users, alleging both the deletion of individual user accounts and the theft of sensitive data belonging to over 900,000 users.

While these claims have yet to be independently verified, they have sparked widespread concern among cybersecurity experts and TikTok’s global user base.

Alleged Data Leak and Account Deletions

According to the post from CyberKnow, on April 24, 2025, R00TK1T announced via its Telegram-based propaganda channel that it had exfiltrated and was preparing to leak the credentials of approximately 927,000 TikTok users.

The group claims its warnings to TikTok’s parent company, ByteDance, went unheeded, prompting the public release of a sample data set.

If authentic, the leaked data could enable mass account takeovers, phishing campaigns, and even large-scale identity theft.

R00TK1T further asserts that it has been able to delete user accounts, effectively locking users out of the platform or erasing their digital presence.

While TikTok has not yet responded publicly to these specific allegations, the company has previously faced scrutiny over its data protection practices and vulnerability to cyberattacks.

Technical Methods and Attack Vectors

R00TK1T is known for its use of advanced cyberattack techniques, often leveraging a combination of malware, rootkits, and social engineering.

The group’s tactics typically map to techniques in the MITRE ATT&CK framework, including:

  • Phishing (MITRE T1566): Delivering malicious links via private messages to trick users into revealing credentials or installing malware.
  • Exploiting Public-Facing Applications (MITRE T1190): Targeting vulnerabilities in web applications and servers to gain unauthorized access.
  • Credential Stuffing and Infostealers: Using previously stolen credentials or deploying malware to harvest new ones, enabling lateral movement within networks.

In previous incidents, attackers exploited TikTok’s direct messaging system to send malicious links, hijacking high-profile accounts and accessing personal data, including names, email addresses, phone numbers, and even facial recognition information.

R00TK1T’s Track Record and Motives

R00TK1T has built a reputation for high-profile cyberattacks across Asia and the Middle East, targeting both government and private sector entities.

Their operations often blend technical sophistication with psychological warfare, using Telegram channels to publicize breaches, leak stolen data, and issue ideological manifestos.

The group’s rhetoric frames their actions as a rebellion against digital authority, seeking to undermine trust in institutions and promote a narrative of total insecurity.

Despite their technical prowess, R00TK1T is also known for exaggerating the scale and impact of their operations.

Cybersecurity analysts urge caution, noting that such claims should be treated skeptically until independently verified by forensic analysis or official confirmation from affected organizations.

Implications and Ongoing Investigation

If the latest claims prove accurate, the consequences for TikTok users could be severe, ranging from unauthorized account access to targeted phishing attacks and identity theft.

Experts recommend that users enable two-factor authentication, remain vigilant for suspicious messages, and update their passwords immediately.

TikTok has yet to issue an official statement regarding the alleged breach and account deletions.

Cybersecurity researchers continue to monitor the situation, analyzing leaked samples for authenticity and tracking R00TK1T’s movements across the dark web.

For now, the true extent of the breach remains uncertain, but the incident underscores the persistent threat posed by organized cybercriminal groups and the need for robust digital defenses.


AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
