Social networks are now a part of our daily lives. They keep us connected, entertain us, and even help shape who we are in the eyes of the world. But that constant exposure also has a dark side: it makes us vulnerable.
Recently, a hacker group known as R00TK1T ISC CYBER TEAM shared a database on a Telegram channel that, according to them, contains information from over 972,000 TikTok accounts. Alarmingly, among all that data, there are at least 640 accounts linked to Mexican email addresses.
And we’re not talking about just any type of information—these are emails and passwords in plain text, exactly as you type them when logging in. So anyone who sees that list could directly access those accounts. No barriers. No obstacles.
What’s worse? Among those accounts are emails from government agencies (like @gob.mx, @tizayuca.gob.mx), public universities such as UNAM, TecNM, and BUAP, and also from Mexican companies. To make matters worse, repeated institutional passwords were found, used over and over again. In other words, digital security is clearly lacking in many of these cases.
Telegram, the app where all this was published, is very popular among those who want to share things without leaving a trace. It offers encryption, anonymity, and that makes it a fertile ground for these kinds of leaks.
Cyberattack and Hacker Threat: TikTok Hacked and Held for Ransom
The R00TK1T group didn’t just leak the data—they also issued a direct threat to TikTok. Along with the file, they posted a message demanding 50 bitcoins (around 3 million dollars) in exchange for halting future attacks. The tone was anything but subtle: “Act now or face annihilation,” they wrote.
According to the group, they gained access to this information by exploiting an alleged vulnerability in the platform. And while there’s still no official confirmation from TikTok, the message is clear: if they don’t pay, this might just be the beginning.
But… Was TikTok Really Hacked?
Despite the hackers’ claims, cybersecurity experts remain skeptical. After reviewing the leaked database, all signs suggest this isn’t the result of a new breach, but rather a collection of credentials previously stolen in other attacks, most likely through malware.
What they seem to have done is gather those old passwords into a single file to make it look like a recent hack. This tactic is nothing new and is often seen on forums where what's known as combolists are sold—huge compilations of emails and passwords from various past data breaches.
Read more: Cybercrime in the U.S.: A Record $16 Billion Lost in 2024
Do You Use TikTok? This Matters to You
Even though this leak may not stem from a brand-new hack, the risk is still very real. A huge number of people use the same password for everything—and if one of those passwords is in this leaked list, any other account where you used the same password is also at risk.
So, what can you do?
Here are some super simple but effective steps to protect yourself:
-
Change your TikTok password (and for any other account where you used the same one).
-
Enable two-factor authentication. That way, even if someone has your password, they won’t be able to access your account easily.
-
Use different and secure passwords for each account. If you can’t remember them all, a password manager can be a big help.
-
Check if your email has been involved in a leak using tools like haveibeenpwned.com. It’s free and very useful.
Protecting yourself doesn’t have to be complicated. Just a few minutes can save you from a lot of headaches.
