A threat actor using the alias “Often9” has surfaced on a known cybercrime forum, claiming to have acquired a trove of 428 million unique TikTok user records.

The post, titled “TikTok 2025 Breach – 428M Unique Lines,” alleges that the dataset includes sensitive information such as email addresses, phone numbers, internal account flags (like private or verified status), and engagement metrics like follower counts and video stats. The supposed breach has attracted significant attention due to the inclusion of fields not typically available through public TikTok profiles, hinting at a possible compromise of internal systems or a third-party data leak.

However, there are reasons to question the legitimacy of this claim. Many of the sample entries provided by Often9 show missing or generic data, and the account itself is new and lacks a verified reputation—critical markers of credibility on such forums. Additionally, the same platform has recently been the site of false breach claims, casting further doubt on this one. Analysts also point out that much of the information shown in the samples could be scraped from public profiles, which—while problematic—doesn’t equate to a true system breach.

Cross-referencing some of the email addresses with the breach notification service HaveIBeenPwned reveals limited prior exposure, which slightly boosts the claim’s credibility. Still, the relatively small sample size makes it difficult to confirm the breach’s authenticity. TikTok has launched an investigation, and for now, the cybersecurity community is urging caution, reminding stakeholders that past claims of massive TikTok breaches have turned out to be exaggerated or entirely fabricated.