TikTok expands disclosure efforts on cybersecurity threats

TikTok announced Thursday that it is expanding its cybersecurity vulnerability disclosure program to further address cyber threats.

The move is part of the social media platform’s broader efforts to promote security during National Cybersecurity Awareness Month.

TikTok announced in a blog post that it is partnering with HackerOne to create a “global bug bounty program,” expanding its existing vulnerability disclosure program to help users or security professionals flag technical concerns with the platform.

HackerOne is a vulnerability coordination and bug bounty platform that has a community of more than 750,000 ethical hackers and security researchers, according to TikTok.

“This partnership will help us to gain insight from the world’s top security researchers, academic scholars, and independent experts to better uncover potential threats and make our security defenses even stronger,” the company wrote in the blog post. “As always, we appreciate security researchers who take the time to analyze our platform, and we encourage them to submit their reports so that we can build better defenses.”

The company emphasized its work to increase the cybersecurity of the platform, noting that “TikTok’s fast-growing team of US-based security experts are working vigilantly to find and prevent potential threats 24/7,” including through the use of “cutting-edge technology” and working with outside experts to test systems.

“We actively encourage researchers to look for bugs and report them to us so that we can fix them before a bad actor can exploit them,” the company wrote.

In addition, the company rolled out a series of TikTok videos featuring employees encouraging users to practice good cyber hygiene, including by detailing how to create a strong password and how to use a password manager.

More videos are planned to roll out throughout the year emphasizing strong cybersecurity habits.

October is National Cybersecurity Awareness Month, with TikTok announcing its actions in conjunction with national efforts to spotlight cybersecurity issues.

“Security is constantly evolving, and our team is committed to meeting the challenge head-on,” TikTok wrote. “We will continue to build a safe and secure app for the TikTok community by investing in technology, people, and partnerships.”

The efforts to increase cybersecurity come amid ongoing negotiations between the Trump administration and the social media platform over whether U.S. users will be able to continue to access TikTok.

TikTok is owned by Chinese-based company ByteDance, and President Trump issued two executive orders in August ordering ByteDance to divest itself of TikTok due to potential national security concerns around access to U.S. consumer data.

A federal judge blocked a Commerce Department order from going into effect on Sept. 27 that would have required TikTok to be removed from all app stores, but the judge’s order leaves in place a Nov. 12 deadline that would completely ban the use of TikTok in the U.S. if a deal is not reached between the administration and the company.

TikTok has consistently pushed back against concerns it could pose a security risk, including through moving all U.S. data to storage centers in the United States and making its code available to security researchers to review as part of the launch of its Transparency and Accountability Center in July.