Search TorWire

Find cybersecurity guides and research articles

Home > News > Cybersecurity > South African TikTok Users Could be Affected in 2.4 Billion Records Found in Database Leak

South African TikTok Users Could be Affected in 2.4 Billion Records Found in Database Leak

By: Jordan Vector Cybersecurity Expert

Last updated: June 15, 2026

Human Written
South African TikTok Users Could be Affected in 2.4 Billion Records Found in Database Leak
  • Researchers found a database that has 2.4 billion records which might have links to TikTok users & their activity data.

  • The experts believe that hackers may have gathered the information from many sources, including ones they got through infostealer malware infections.

  • The discovery is making TikTok users ask if South African users are among those whose information appeared in the open dataset.

TikTok users in South Africa are facing a lot of questions about the security of their personal information. The questions started after cybersecurity researchers found a database that has roughly 2.4 billion records which bad actors say they stole from the video-sharing platform.

Researchers reported finding a publicly accessible database containing a large amount of TikTok user data. There’s no sign of a direct TikTok breach, but the large dataset has still raised global security concerns.

From what these researchers found, threat actors may have collected the information belonging to TikTok users from a lot of different sources before compiling them into a single database.

This is already creating uncertainty about how many TikTok users globally and including the ones in South Africa, hackers have been exposed in this incident.

How Researchers Discover the Massive Database Linked to TikTok

According to Cybernews reports, its researchers came across this database while carrying out the investigations they conduct routinely in a bid to find online data repositories that cybercriminals have exposed.

Due to the huge amount of data in this database which was around 2.4 billion records that belong to TikTok users, the researchers concluded that this hack is one of the largest data exposures around the platform that has made news in recent years.

Some of the information the experts saw in the dataset included account identifiers, details of the user profile  & metadata that shows user activity.

After researchers discovered the database, they noted that anyone could check the contents in it because there was no strong security protecting the database. This was before the hackers eventually put up restrictions on it.

However, the investigators couldn’t immediately pinpoint the owner of the database or who gathered the data to create it.

The discovery made them analyze their findings more to verify whether the hackers got the information directly from TikTok itself or whether they harvested it from many other sources & consolidated everything into a single repository.

Evidence Points Away from a Direct TikTok Breach

Despite how massive the database is, researchers have concluded that they could not find any evidence that hackers got it directly from TikTok’s internal systems through a breach.

Instead, in the report, Cybernews pointed out that many indicators showed the threat actors gathered the information from many sources by using infostealer malware infections plus other datasets they had breached earlier.

Hackers often design Infostealer malware to steal information from any devices it corrupts, and such things it steals include login credentials, cookies plus other data related to the victim’s accounts. And afterwards, it sends the data to the cybercriminals.

Security researchers said this theory is a simple explanation behind the dataset appearing as information hackers gathered from multiple users operating in different locations & time periods.

The distinction is important because it indicates that the user data exposure came from widespread device compromises instead of a single attack against TikTok’s infrastructure.

However, as the researchers pointed out, the hackers could have attached TikTok’s name just to bait people into paying to access the database. At the time of reporting, there is no evidence from anywhere to prove that the database came directly from a breach of TikTok’s servers.

South African Users Urged To Remain Vigilant

Although the researchers didn’t find out the number of users whose data hackers stole to compile the database, the recent findings inevitably raised concerns among South Africa’s growing TikTok community.

There have been many breaches in South African companies such as a website for dating, a network operator in South African Telkom, plus “Wanderers.co.za” However all these claims appeared to be false but just a ploy by bad actors to make money on the dark web.

Millions in the country now use the video-sharing platform, so local accounts could be included in a dataset this large. Researchers warn that user databases can still be valuable to cybercriminals even without passwords.

Hackers can use them to carry out  phishing campaigns, attempts to impersonate the real owners or other social engineering attacks.

The value of South African user data on dark web markets is driving a surge in breaches. Cybercriminals are selling local data for pennies, making identity theft more accessible than ever.

According to cybersecurity expert Boikokobetso Makhetloane, who is popularly known as Mr Fingerz online, if the researchers prove the breach to be true, it would likely enable the bad actors to take over many accounts.

Boikokobetso Makhetloane added that hackers may sell usernames and passwords on the dark web for others to use in further attacks. Mr Fingerz also warned that hackers could take over many accounts if users don’t strengthen their security settings.

There is still uncertainty, as the database’s owner and origin are unknown. As such, there is no way to determine whether other bad actors grabbed some copies before the hackers removed access 

Security experts advise users to monitor their accounts, tighten security settings, and enable multi-factor authentication if possible. Also, users should not open suspicious messages carelessly, especially the ones claiming to come from TikTok or other legit services.

Share this article

About the Author

Jordan Vector

Jordan Vector

Cybersecurity Expert

Jordan is a security researcher and advocate who focuses on making privacy practical. Whether he's explaining how to harden a browser or reporting on the latest surveillance disclosures, his goal is to equip readers with knowledge they can use immediately. Jordan believes that true security begins with understanding the digital landscape.

Comments (0)

No comments.