No Evidence of New TikTok Hack: R00TK1T ISC CYBER TEAM’s 972,000 Password Leak Debunked
Incident Overview
On April 23, 2025, the hacker collective R00TK1T ISC CYBER TEAM claimed to have gained access to and leaked a database containing credentials for 972,000 TikTok user accounts [1]. They published a sample of the dataset on a Telegram channel, which reportedly includes plaintext email and password pairs from users worldwide, including at least 640 Mexican accounts from government, academic, and corporate domains [2].
Threat and Extortion Demand
R00TK1T ISC CYBER TEAM accompanied the leak with a ransom demand of 50 bitcoins (around $3 million) and warned TikTok to pay or face further disclosures. “Act now or face annihilation,” the group wrote in its Telegram post [3].
Validity of Claims
Security analysts, including Nicolás Azuara of Nico Tech Tips, have assessed the leaked dataset and concluded it appears to be a combolist assembled from previously stolen credentials via infostealer malware, rather than the result of a new TikTok vulnerability [2].
Risks and Recommendations
Even if TikTok itself did not experience a breach, the exposed credentials pose a real threat due to password reuse across services. Users are advised to:
- Change their TikTok password and any other accounts using the same password.
- Enable two-factor authentication (2FA) on TikTok and other platforms.
- Adopt unique, strong passwords via a password manager.
- Check for past exposure of their email on services like Have I Been Pwned [4].
Final Thoughts
This extortion stunt by R00TK1T ISC CYBER TEAM highlights the persistent danger of credential harvesting and combolists. Maintaining robust password hygiene and multi-factor authentication remains essential to mitigate such risks.