In the last two years of their bug bounty program, the hacker community has helped TikTok identify and disclose 450 vulnerabilities in their public-facing assets. In response, TikTok has awarded $585,000 in bug bounties to over 250 ethical hackers. In honor of Cybersecurity Awareness Month and their second anniversary with HackerOne, TikTok has shared a message of thanks for the entire hacker community, with a special shout-out to some of their program’s top hackers.

You can find the original blog published by TikTok here, or check out this video thanking the program’s top hackers from the past year.

Celebrating the cyber community on TikTok

Blog post published by the TikTok Community team on October 7, 2022

At TikTok, we’re always focused on ensuring the safety, security, and privacy of our global community. This is a responsibility we take very seriously, as over 1 billion people turn to our platform to express themselves creatively, learn something new, or be entertained. As we continually invest in the people, processes, and technology to enable best-in-class security operations at scale, we know it’s important to work with third-party experts to help test our defenses.

We’re also proud to support efforts that promote cybersecurity best practices from industry-leading organizations like HackerOne, along with the Global Cyber Alliance (GCA) and National Cybersecurity Alliance.

Together we’re continuing to spread cybersecurity awareness, education, and opportunity. We’re celebrating our 2-year anniversary of our Global Bug Bounty program, unveiling our 2022 TikTok Cybersecurity Champions, elevating the #SeeYourselfInCyber initiative to inspire people of all backgrounds to explore professional opportunities in the growing field, and sharing tips to always #BeCyberSmart.

Celebrating our 2-year anniversary with the ethical hacker community

Earlier this year, TikTok became a founding sponsor of HackerOne’s Corporate Security Responsibility (CSecR) pledge, honoring transparency, collaboration, innovation, and differentiation as core principles to help create a safer digital world for everyone. The pledge furthers the commitments we made two years ago when launching our Global Bug Bounty program. Since its inception, we’ve awarded over $585,000 in bug bounties to over 250 ethical hackers for responsibly identifying and disclosing over 450 vulnerabilities so we could quickly resolve them. The program continues to attract new hackers thanks to our comprehensive scope and commitment to transparency.

As of October 1, this year’s top contributors are:

  • s3c: Yusuf is a 23-year-old bug bounty hunter from Kurdistan, Iraq, claiming his spot as one of TikTok’s top contributors for the second consecutive year! As an independent security researcher on the HackerOne platform with five years of experience, Yusuf enjoys helping top companies protect their business.
  • Apapedulimu: Nosa is a 22-year-old security engineer by day and bug bounty hunter by night. From a small city in Indonesia, he started working with HackerOne in 2017 and hopes to become a superstar bug bounty hunter by improving his skills every day.
  • Amakki: Abdulrahman is a 21-year-old bug bounty hunter from Saudi Arabia who has been discovering vulnerabilities for various technology companies since starting his hacking journey at age 10 and formally joining the HackerOne community in 2019.
  • datph4m: Pham is a security engineer at a software company in Vietnam who has been working with HackerOne for about four years, during which time he’s discovered serious vulnerabilities for some of the world’s top technology companies.

“The best ethical hackers choose to work on bug bounty programs that are open and transparent, and customers trust vendors that clearly communicate about what they’re doing to improve security,” said HackerOne CEO Marten Mickos. “A key reason for TikTok’s success with software security is that they practice such transparency, and we commend TikTok’s active engagement in our Corporate Security Responsibility initiative, which prizes transparency as one of its core principles.

Posted by Charlie