For TikTok, a platform that sees more than one billion monthly active users, staying ahead of cyber threats is always top of mind. TikTok relies on hackers as a key component in providing the secure platform their users deserve, and one billion people are more secure thanks to the partnership. 

As part of an ongoing commitment to proactive cybersecurity, TikTok celebrated its one-year anniversary of HackerOne bug bounty by thanking (via video, of course!) 150+ hackers from around the globe who have helped them identify and resolve more than 225 vulnerabilities. They also share insights into assets in scope, their commitment to transparency, and their best-in-class payout and response time metrics. 

You can find the original blog published by TikTok here, or check out this video featuring some of the program’s top hackers from the first year of the public program. 

Celebrating the Ethical Hacker Community

Blog post originally published by Suhana Hyder, Vulnerability Management Leader, TikTok

TikTok’s mission is to inspire creativity and bring joy, and the security of our global community is always a priority. Staying ahead of next-generation cyber threats requires continuously strengthening the security and integrity of our platform. Critical to that effort is partnering with the world’s best researchers, academic scholars, and independent experts to continuously test our own defenses.

In the past year, we’ve expanded our vulnerability disclosure policy to include a global bug bounty program with HackerOne. We’ve strengthened our global security organization and established global Fusion Center operations in Washington DC, Dublin, and Singapore. We’ve earned ISO 27001 certifications in the US, UK, Ireland, Singapore, and India for investing in the people, processes, and technology to keep our community safe. We’ve also partnered with leading organizations like the National Cyber Security Alliance to inspire leaders of the future and encourage people of all backgrounds to #BeCyberSmart.

As we celebrate our one-year anniversary with HackerOne and the evolution of its Internet Bug Bounty (IBB) program, we’re excited to spotlight the top ethical hackers helping TikTok pioneer new defenses to protect over one billion people worldwide. Through the partnership, we’ve awarded nearly $250,000 in bug bounties to over 150 hackers around the world for helping us identify and resolve over 225 vulnerabilities. Our comprehensive scope and commitment to transparency continues to draw new hackers to the program, and we aim to pay out eligible bounties within two days of triage with an average first response time of 14 hours.

“We’re delighted to celebrate this anniversary and continue to help TikTok keep their platform secure,” said Ben Sadeghipour (@NahamSec), Head of Hacker Education at HackerOne. “TikTok’s program is a great example of the positive impact bug bounties can have on overall security, and we hope more organizations see the value that hackers and bug bounty programs can bring to their security teams.”

Security is a team sport. To ethical hackers around the world: thank you for helping us keep the global TikTok community safe and secure by disclosing potential vulnerabilities, so we can quickly eliminate them.

As of October 1, this year’s top 5 contributors are:

  • bubbountybubbounty is a French bug bounty hunter who discovered ethical hacking while looking for a legal, secure, and fun way to learn practical hacking. Now his full-time job is hacking on TikTok’s program and other large companies.

  • luizvianaBased in Brazil, luizviana discovered hacking at age 12 while trying to hack online games for more points. He began studying security more seriously at age 16, and now he’s hacking on programs like TikTok and performing penetration tests for Brazilian companies.

  • s3cs3c is a 22-year-old bug bounty hunter named Yusuf from Kurdistan, Iraq. He’s worked in programming and web development since 2017, and he began hacking on public programs for global technology companies in 2018.

  • dphoenixxdphoenixx started hacking three years ago. While coding on PHP and Python, he discovered “The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws” and was immediately hooked on ethical hacking. He continues to learn by practicing on bug bounty programs for top social media, technology, and financial services platforms.

  • k1ra_ k1ra_ is an 18-year-old hacker based in Nepal. At age 13, the self-taught learner hacked into his neighbor’s WiFi to let them know their network was insecure. Since then, he’s gained experience with private and public bug bounty programs, including TikTok and global technology and financial services companies.

Want to learn about bug bounty programs? HackerOne Bounty has everything you need to launch an effective program on a single platform. And at HackerOne, organizations work with the world’s largest and most diverse community of hackers in the world. Contact us to learn more.

Posted by Charlie