Customer story

TikTok

Enhancing Security Through Ethical Hacking: How TikTok leverages HackerOne's platform and community to protect over one billion users worldwide, ensuring a safe environment for creativity and connection.

Overview

Securing creativity at global scale

TikTok has rapidly become one of the fastest-growing entertainment platforms, with over one billion users worldwide, including over 170 million users and 7.5 million businesses in the United States alone. TikTok isn't just a platform for entertainment; it's a hub for creativity, learning, connection, and joy. However, this explosive growth requires innovative solutions to keep such a large, global community secure.

With the help of security researchers, TikTok has resolved thousands of vulnerabilities before malicious actors could exploit them. The financial investment in this program is substantial: TikTok paid out over $400,000 in bounties in just one afternoon of a live hacking event and nearly $3M over the program's history. Beyond immediate vulnerability discovery, the insights from security researchers have helped TikTok enhance its internal security testing skills and strengthen its Software Development Lifecycle by shifting security practices left to address issues earlier in the development process.

This proactive approach to security has improved TikTok's defenses and proven cost-effective. By identifying and fixing issues before they reach production, TikTok has significantly reduced the cost and effort associated with remediation. Moreover, the program has played a crucial role in building trust with the hacker community and TikTok's vast user base by demonstrating a strong and visible commitment to security.
 

1B+ Global Users

$3M Total Bounty Payouts

$400K Single Day Bounty Record

170M U.S. Users

The Solution

Strategic partnership and comprehensive bug bounty program

In response to these challenges, TikTok strategically partnered with HackerOne in 2020, implementing a comprehensive bug bounty program. The partnership began with a public bug bounty program that started with a limited scope and gradually expanded to include numerous domains and participation in Live Hacking Events. The program was designed for continuous engagement, allowing security researchers to report vulnerabilities year-round, and it was supplemented by focused live hacking events like the HackerOne World Cup and TikTok's live hacking event in Las Vegas.
