Here at TikTok, we are committed to protecting the security of our global community and upholding the highest standards of security and data protection.

In October, we are thrilled to celebrate Cybersecurity Awareness Month and encourage our community over one billion strong to #BeCyberSmart. We're also marking four years of TikTok's global bug bounty program with HackerOne!

Below we're highlighting two important groups who contribute to our culture of online security, the researchers who power our HackerOne bug bounty program, as well as creators spreading cybersecurity knowledge on the platform.

Four Years with HackerOne

Since program inception in 2020, TikTok's partnership with HackerOne for our Global Bug Bounty program has seen tremendous growth and impact. Year after year, our work with HackerOne underscores the importance of open collaboration in the security space and allows us to share knowledge and work together to proactively protect our global TikTok community.

Since founding the program, TikTok has worked with over 450 security researchers who have proactively identified and disclosed over 1,000 security vulnerabilities so that our security teams could quickly resolve them. We are proud to announce that we have also reached (and surpassed) an important milestone, awarding over $1.6M in bounties in addition to what has been awarded during Live Hacking Events.

In August, TikTok participated in one of these Live Hacking Events, which invited top hackers from around the world to join a fun, fast-paced occasion that culminated the same week of the DEF CON conference in Las Vegas. This event resulted in TikTok awarding over $720,000 in bounties to 50 researchers from over 29 different counties in just 20 days. Involvement in this Live Hacking Event, following up on our participation in the finale of HackerOne's Ambassador World Cup in late 2023, has provided TikTok an opportunity to deepen our commitment to HackerOne, the community of security researchers, and the broader bug bounty space.

“TikTok is one of the world’s most popular apps, and the stakes are high for a security team protecting over one billion users. As a global organization, TikTok’s bug bounty program contributes to its sophisticated security posture as an invaluable last line of defense. Over the last four years, TikTok's dedication to building engagement on their program has continued to produce powerful results.” - Marten Mickos, HackerOne CEO

In addition to diving deeper into our program history here, we would like to highlight some of our top security researchers in our bug bounty program as of October 1, 2024:

  • supermancyber: Jeffery joined HackerOne in August 2023 and has quickly risen to be one of TikTok's top contributors. What he enjoys most about being on HackerOne is the opportunity to help in securing top platforms such as TikTok, knowing that his work directly impacts the security of people around the world.
  • imran_nisar: A top contributor in 2023 as well, Imran has been a valued contributor of TikTok's bug bounty program for years. He started his ethical hacking journey in 2017, and has reported over three hundred vulnerabilities to the HackerOne platform. He deeply values HackerOne's collaborative nature, and appreciates the ability to teach aspiring hackers in his work.
  • datph4m: Pham began his ethical hacking journey in 2019, and since then has been one of TikTok's top hackers three years in a row. Not only does he enjoy the challenges and learning opportunities on HackerOne, but also the collaborative spirit and connections with other researchers in the industry.

2024 Cybersecurity Creator Spotlight

TikTok is a place where anyone and everyone can have fun, find their community, and be discovered. This month, we're highlighting three creators, @adjacentnode, @itsmarcushutchins, and @lolalovestech who educate our community on cybersecurity topics. Teaching everything from network engineering to day in the life vlogs of a cybersecurity professional, these creators empower our community to #LearnOnTikTok and dive deeper into cybersecurity topics.

  • @adjacentnode (Florida, USA): Kevin is a networking and cybersecurity content creator who uses his extensive experience as a network engineer to make technology accessible and engaging. His content is designed to educate and inspire, blending technical expertise with a relatable, down-to-earth style.
  • @itsmarcushutchins (California, USA): Marcus is a British cybersecurity specialist, public speaker, and content creator currently living in Los Angeles, California. He is best known for stopping WannaCry, the largest ransomware attack in history. Marcus now uses his skills as a hacker and programmer to create digestible videos and blog posts aimed at educating the next generation of cybersecurity experts.
  • @lolalovestech (London, UK): Lola is an educator from London, blending her love for all things technical with a mission to empower the next generation of cybersecurity professionals. Whether she's sharing hands-on tips, insider guidance on breaking into the industry, or exploring the latest cybersecurity trends, Lola is dedicated to helping others unlock their potential and thrive in the tech space.

Top Tips to #BeCyberSmart

All year long, we like to empower our global community to #BeCyberSmart wherever they show up online. Check out some of our top tips below!