TikTok for Developers
Hackers Who Help: Celebrating Our Four-Year Partnership With HackerOne
by Vulnerability Management Team
Community
Security

October is Cybersecurity Awareness Month, which provides an opportunity to promote online safety among our users and highlight the work of the cybersecurity professionals who help keep the TikTok platform and our community safe. This month also marks the anniversary of a critical partnership for TikTok's security teams. Four years ago, TikTok and HackerOne launched a bug bounty program aiming to engage a global group of ethical hackers to help keep the global TikTok platform safe and secure.


Bug Bounty Program

We're celebrating four years of working together with HackerOne to ensure that vulnerabilities are proactively identified and resolved so that the data of our global community is kept safe. Through our bug bounty program, we've enabled leading third-party security researchers to put our security measures to the test. We appreciate and encourage researchers to proactively report vulnerabilities through this program so that our security teams can quickly resolve them.


Since launching our bug bounty program in October of 2020, we've been able to locate and remedy countless vulnerabilities, all while frequently sharing updates about the program. In 2022, we became a founding sponsor of HackerOne's Corporate Security Responsibility (CSecR) pledge, honouring transparency, collaboration, innovation, and differentiation as core principles to help create a safer digital world for everyone.


Live Hacking Event

In 2023, we sponsored HackerOne's Ambassador World Cup Finals, which brought together hackers from around the world in a tournament-style live hacking competition where sizeable bounties were paid out and national pride was on the line. The success of the Ambassador World Cup whetted our appetite and led us to host a live hacking event focused specifically on TikTok in late July and early August of this year.


This event marked the culmination of our HackerOne partnership. Across two weeks, the scope of our program was narrowed and the size of our bounties doubled. 50 of the world's top hackers, representing 29 different countries, worked day and night to help us keep the platform and our community secure. On the final day of the event, we gathered in person in Las Vegas at the HyperX eSports Arena, where security was showcased as a spectator sport. As bounties were found, chimes went off and the event's leaderboard showed which hackers were in the lead. In total, we received more than 300 valid reports and paid out $721,000 in bounties. Once the event had ended, we hosted a Recharge Day to relax and celebrate alongside the security researchers who supported our mission of keeping TikTok secure. Watch an exciting recap of the event here.


DEF CON Hacker Conference

The live hacking event and Recharge Day took place during the week of DEF CON, one of the oldest and most important hacker conferences in the world. Our partnership with HackerOne served as the backbone of our participation during this critical week for the hacking community. Knowing the importance of this week, we also engaged in several other ways in order to deepen relationships with the security research community and continue to establish TikTok's Global Security Organization as a world-class security program.


During DEF CON this year, we sponsored SquadCon, a conference for women of color in the security field
and conducted mock interviews and resume review workshops with young secuity professionals. We seamlessly integrated into the first ever Bug Bounty Village at DEF CON
and sponsored a TikTok branded "creator corner", where security researchers could record video and audio content to share their experiences. Alongside our friends in the bug bounty community, we also hosted a social mixer for hundreds of security professionals interested in TikTok's security efforts and partnership with ethical hackers.


Our four-year partnership with HackerOne and broader engagement during this week underscores our dedication to the ethical hacking community and bug bounty space. We are constantly working toward ensuring the security of our global community.


In addition to industry-leading projects in the U.S. and Europe like Project Texas and Project Clover—which TikTok has voluntarily been implementing to meet and exceed regional data protection requirements—we constantly strive to reduce security risks and give confidence to our global community. Partnering with HackerOne to build a trusted global bug bounty program and engage the world's top ethical hackers demonstrates this commitment. We're proud of the work we've done and look forward to engaging this community further and continuing to make the platform more secure.


If you're interested in learning more about our program, please visit TikTok's HackerOne page.

Share this article
Discover more
Highlights from our Privacy Innovation Meetup at ACM CCS 2024
TikTok's Privacy Innovation team hosted a meetup at ACM CCS 2024, showcasing privacy-preserving technologies like ManaTEE and reinforcing the team's commitment to privacy and security through industry and academic collaboration.
Privacy
Community
A Recap of DevDay 2024: TikTok's Inaugural Developer Conference
Our first-ever TikTok DevDay in San Jose was an incredible success! With over 300 developers in attendance, the event provided an immersive experience into TikTok’s growing ecosystem of tools and innovations. Here is the recap blog of our event.
Community
TikTok Donates ManaTEE Open Source Project to the Linux Foundation
TikTok is donating ManaTEE, a platform built on Trusted Execution Environments, to the Linux Foundation’s Confidential Computing Consortium. ManaTEE is designed to address critical challenges in data privacy and security.
Tech @ TikTok
Open source