TikTok's Bug Bounty Program and Ethical Hackers

TikTok's primary goal is to inspire creativity and bring joy to its global community. As a platform, we prioritize the security of our users and continuously work towards strengthening the security and integrity of our platform. To achieve this, we collaborate with the best researchers, academic scholars, and independent experts to constantly test and improve our defenses.

Over the past year, we have taken several steps to enhance our security measures. We have expanded our vulnerability disclosure policy to include a global bug bounty program in partnership with HackerOne. Additionally, we have bolstered our global security organization and established Fusion Center operations in Washington DC, Dublin, and Singapore. Our commitment to ensuring the safety of our community is further demonstrated by earning ISO 27001 certifications in multiple countries, including the US, UK, Ireland, Singapore, and India. We have also joined forces with organizations like the National Cyber Security Alliance to inspire future leaders and promote cybersecurity awareness among people from diverse backgrounds.

As we celebrate our 1-year anniversary with HackerOne and the evolution of its Internet Bug Bounty (IBB) program, we are proud to recognize the top ethical hackers who have played a crucial role in helping TikTok pioneer new defense mechanisms to protect over 1 billion users worldwide. Through this partnership, we have rewarded nearly $250,000 in bug bounties to more than 150 hackers across the globe. Their contributions have helped us identify and resolve over 225 vulnerabilities. Our comprehensive scope and commitment to transparency have attracted new hackers to the program, and we strive to provide eligible bounties within 2 days of triage, with an average first response time of 14 hours.

Ben Sadeghipour (@NahamSec), Head of Hacker Education at HackerOne, expressed his delight in celebrating this anniversary and continuing to assist TikTok in maintaining a secure platform. He emphasized the positive impact bug bounties can have on overall security and encouraged more organizations to recognize the value that hackers and bug bounty programs bring to their security teams.

We firmly believe that security is a collective effort, and we extend our gratitude to ethical hackers worldwide for their invaluable contributions in keeping the global TikTok community safe and secure. Their efforts in disclosing potential vulnerabilities enable us to swiftly address and eliminate them.

As of October 1, the top 5 contributors to this year's bug bounty program are:

  1. bubbounty - A French bug bounty hunter who discovered ethical hacking as a means to learn practical hacking legally and securely.
  2. luizviana - Based in Brazil, luizviana started exploring hacking at the age of 12 while attempting to hack online games for additional points. He has since dedicated himself to studying security and now actively participates in bug bounty programs for TikTok and conducts penetration tests for Brazilian companies.
  3. s3c - Yusuf, a 22-year-old bug bounty hunter from Kurdistan, Iraq, has been involved in programming and web development since 2017. He began hacking on public programs for global technology companies in 2018.
  4. dphoenixx - Three years ago, dphoenixx stumbled upon "The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws" while coding in PHP and Python. This discovery sparked his interest in ethical hacking, and he continues to learn and practice through bug bounty programs for major social media, technology, and financial services platforms.
  5. k1ra_ - An 18-year-old hacker from Nepal, k1ra_ taught himself hacking and gained experience through private and public bug bounty programs. His journey began at the age of 13 when he hacked into his neighbor's insecure WiFi network to alert them about the vulnerability. He now actively participates in bug bounty programs for TikTok, as well as global technology and financial services companies.

To learn more about TikTok's bug bounty program, please visit our program page.

Follow our @TikTokTips account and join us in promoting cybersecurity awareness by sharing tips to identify and defend against common cyber threats.