➤Summary
The scale of the latest TikTok data breach is nothing short of shocking. On May 29, 2025, cybersecurity monitoring group Kaduu uncovered a massive leak of 428 million unique TikTok user records posted on the darknet. The breach, listed on Ascarding.net by the forum user USDT, allegedly originated from a hack carried out by the cybercriminal known as Often9.
The leaked database is particularly concerning because it does not just include usernames and profile links—it contains sensitive contact details and account metadata. For millions of TikTok creators and regular users, this breach opens the door to phishing attacks, scams, and identity risks. 🚨
What the Database Contains
According to the forum post, the exposed TikTok dataset consists of 428 million unique lines in a structured format. This makes it particularly easy for criminals to search, filter, and misuse the stolen information.
The sample format shared on the darknet includes:
user_id, username, nickname, email, phone, follower_count, following_count, like_count, video_count, digg_count, friend_count, private_account, secret, ttseller, verified, biography, avatar_url, profile_url, country
This means the breach contains not only profile statistics but also private data fields such as emails, phone numbers, account status, and whether or not the account is verified. Criminals could leverage these details to impersonate influencers, blackmail users, or sell verified accounts for profit.
Where Was the Leak Posted?
The leaked TikTok database was posted on Ascarding.net, a darknet forum notorious for trading stolen data, compromised accounts, and hacking tools. These forums are common hubs where data leaks are auctioned, sold in bulk, or shared for notoriety.
When Did It Leak?
The breach was posted on May 29, 2025, but the compromise itself may have taken place weeks earlier. Hackers often hold onto stolen data before releasing it publicly or selling it to maximize profit.
Who Is Behind the Breach?
The darknet post credits the hacker Often9 as the one responsible for compromising TikTok systems or scraping its data. However, the distribution was handled by USDT, a well-known darknet forum participant specializing in large-scale leak postings.
This combination suggests a partnership between hacker and broker: one focuses on stealing the data, the other on monetizing it.
Risks of the TikTok Data Breach
The consequences of this leak are widespread, given the global popularity of TikTok. Here are the most pressing risks users face:
- Phishing and spam attacks 📧 – Emails and phone numbers could be used for fake TikTok login requests or scams.
- Impersonation of influencers – High-profile accounts could be targeted to trick fans into scams.
- Privacy violations – Non-public information like “private_account” and “secret” may expose user activity.
- Monetization of stolen accounts – Verified or seller accounts could be resold for thousands of dollars.
- Geopolitical risk – Since the database includes “country” fields, this could be weaponized in targeted cyber campaigns.
Expert Commentary
Cyber experts are already sounding the alarm about this case.
“Breaches of this magnitude create ripple effects across the entire digital ecosystem. Criminals can weaponize even seemingly harmless profile data when combined with emails, phone numbers, and account stats. TikTok users should act now to secure their accounts.” – Cybersecurity analyst at DarknetSearch.com
This highlights why monitoring groups like The Kaduu play such a critical role in early detection. Without their scans, many leaks would remain unnoticed until after criminals had already profited. 🔎
Screenshot Proof Section
Screenshot Placeholder – Ascarding.net Forum Post Evidence
Practical Tip for TikTok Users
Checklist to protect yourself after a data breach:
- ✅ Change your TikTok password immediately
- ✅ Enable two-factor authentication (2FA)
- ✅ Be wary of emails or texts pretending to be TikTok support
- ✅ Review your TikTok account settings and linked apps
- ✅ Monitor your accounts on DarknetSearch.com to see if your email or phone number is exposed
External Expert Coverage
Independent media outlets have started reporting on the case. According to SC World, the TikTok breach could be one of the largest social media data exposures in history, rivaling previous leaks at Facebook and Twitter. 🌍
Why This Breach Matters Globally
Unlike smaller leaks, this TikTok breach isn’t just a localized issue—it affects users worldwide. With TikTok boasting over a billion monthly active users, nearly half of its base may have been compromised. This scale of exposure gives criminals unparalleled access to personal data, fueling fraud across regions.
The breach also raises questions about TikTok’s security posture. How could such a vast dataset be stolen? Was it hacked directly from servers, or scraped using flaws in TikTok’s API? Until more information is confirmed, speculation will continue.
Common Questions About the TikTok Breach
How do I know if I’m affected?
Users can check whether their email or phone number is compromised using monitoring tools such as DarknetSearch.
What is the worst-case scenario?
If criminals successfully combine phone numbers, emails, and profile details, they can impersonate users, hijack accounts, or even commit financial fraud.
Can TikTok fix this quickly?
While TikTok can patch vulnerabilities, the leaked data is already in circulation. Once stolen, information cannot be “taken back.”
Conclusion
The TikTok data breach exposing 428 million accounts stands as one of the most alarming social media leaks to date. With the hacker Often9 linked to the compromise and USDT distributing the dataset on Ascarding.net, the case underlines just how vulnerable user information remains on global platforms.
For users, the best defense is immediate action: secure your accounts, monitor your digital footprint, and stay informed. Platforms like DarknetSearch.com provide tools and resources to help protect against the fallout of such breaches.
👉 Discover much more in our complete guide
👉 Request a demo NOW
Your data might already be exposed. Most companies find out too late. Let ’s change that. Trusted by 100+ security teams.
🚀Ask for a demo NOW →