New Threat Actor Emerges with 428 Million Records for Sale, but Experts Question Legitimacy

A newly emerged threat actor, going by the alias “Often9,” has posted on a prominent cybercrime forum claiming to possess 428 million unique TikTok user records. The post, titled “TikTok 2025 Breach – 428M Unique Lines,” promises a dataset containing detailed user information such as email addresses, mobile phone numbers, and internal account flags. This information cannot be easily obtained through TikTok’s public-facing website or mobile app, suggesting that the threat actor may have accessed internal TikTok systems or an exposed third-party database.

However, experts are casting doubt on the validity of the claim, citing several red flags. A significant number of sample entries show empty or generic fields for emails and phone numbers, raising the possibility that the dataset was put together from scraped public profiles and organized using old breach data or guesswork. Additionally, the threat actor is a new account on the forum with no reputation, and the same platform has a recent history of inflated or false breach claims. In fact, the same platform was used last week to promote a so-called “1.2 billion Facebook user” data sale, which was later exposed as fake in an exclusive Hackread.com investigation, leading to the seller’s ban.

A closer look at the sample data reveals that many fields, user IDs, usernames, profile links, and follower metrics, are publicly accessible and could be obtained through large-scale scraping operations. While scraping at scale can still pose risks, such as phishing or spam campaigns, it does not equate to a breach of internal systems.

Hackread.com also cross-checked the email addresses in the sample data against records on HaveIBeenPwned, and most were found in fewer than two previous data breaches. However, a 1,200-line sample from a supposedly 428 million record breach is not enough to establish legitimacy.

This is not the first time a threat actor has claimed to breach TikTok’s data. In September 2022, a hacker claimed to have acquired 2 billion TikTok records, including internal statistics, source code, 790 GB of user data, and more, a claim that was later denied by the company. The company has yet to comment on the current breach claim, and Hackread.com will continue to investigate and update this article accordingly.

The emergence of this breach claim highlights the ongoing risks associated with large-scale data collection and the importance of protecting user information. As the cybercrime world continues to evolve, it is essential for users to remain vigilant and take steps to protect their personal data.