{"id":653688,"date":"2026-06-15T08:58:18","date_gmt":"2026-06-15T06:58:18","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=653688"},"modified":"2026-06-15T21:06:16","modified_gmt":"2026-06-15T19:06:16","slug":"questions-about-tiktok-users-in-south-africa-after-alleged-breach-exposes-2-4-billion-records","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/internet\/653688-questions-about-tiktok-users-in-south-africa-after-alleged-breach-exposes-2-4-billion-records.html","title":{"rendered":"Questions about alleged TikTok breach that exposed the private data of 2.4 billion people"},"content":{"rendered":"\n

A threat actor has claimed to have breached TikTok’s systems and is selling alleged private user data, including emails, usernames, and phone numbers of more than 2.4 billion TikTok users.<\/p>\n\n\n\n

“Hello. On 5 June 2026, we leaked the TikTok data \u2014 2.4 billion user records, including email addresses and phone numbers. Total records: 2,461,892,091,” they said.<\/p>\n\n\n\n

They also shared a sample of the leaked data, which appeared to also include gender and preferred language information for each user.<\/p>\n\n\n\n

It should be noted that the breach is unconfirmed, and some people have accused the purported hacker behind it of trying to scam potential buyers.<\/p>\n\n\n\n

This is because the forum post included a link to a paid Telegram channel for buyers to download the database. To subscribe, users must pay 10,000 stars, or approximately R4,400, per month.<\/p>\n\n\n\n

MyBroadband asked TikTok about the alleged breach and if any South African users were impacted, but it hadn’t provided feedback by the time of publication.<\/p>\n\n\n\n

While the alleged TikTok breach remains unconfirmed, MyBroadband has observed a new trend following claimed data breaches, where companies rubbish them as containing fake data samples.<\/p>\n\n\n\n

Cybernews researchers said they believe the alleged TikTok data likely came from infostealers<\/a>, or spyware designed to quietly infiltrate devices, harvest information, and exfiltrate it to remote servers.<\/p>\n\n\n\n

They said the samples lacked specific flags to indicate that the data belonged exclusively to TikTok users. Instead, it could be stolen data with TikTok’s name attached as “bait”.<\/p>\n\n\n\n

The team warned that if the leak is confirmed, malicious actors could exploit the data in various ways, such as phishing and vishing attacks.<\/p>\n\n\n\n

Cybersecurity expert Boikokobetso Makhetloane, who goes by Mr Fingerz online, spoke to Cape Talk<\/a> about the alleged breach and warned that it would likely result in many account takeovers if legitimate.<\/p>\n\n\n\n

“They are going to take these passwords and usernames and sell them on the dark web, so other people can buy them and use them as well,” he said.<\/p>\n\n\n\n

“There’s going to be a lot of account takeovers because a lot of people don’t have certain safety features on their accounts.”<\/p>\n\n\n\n

Scammers advertised fake hacks on South African companies<\/h2>\n\n\n\n
\"\"<\/a>
DatingBuzz users that were allegedly impacted through a claimed breach<\/figcaption><\/figure>\n\n\n\n

Several scammers have claimed responsibility for breaching various South African businesses in recent months. However, these appeared to be attempts to scam dark web users into paying for data.<\/p>\n\n\n\n

These have included claims of breaches of a dating website, South African network operator Telkom, and “Wanderers.co.za”.<\/p>\n\n\n\n

DatingBuzz is one of South Africa’s oldest and most popular online dating sites, and its operator recently denied claims<\/a> that it had been breached and that customer records were exposed.<\/p>\n\n\n\n

This followed a threat actor advertising data allegedly containing over 670,000 records from DatingBuzz.co.za users on a deep web hacker forum.<\/p>\n\n\n\n

They set a price of R19,479 for the data and said it included full names, email addresses, account passwords, and user chats.<\/p>\n\n\n\n

Duncan Forrest, founder and CTO of DatingLab, the UK-based software company operating DatingBuzz’s platform, told MyBroadband that it hadn’t experienced any breaches in recent months.<\/p>\n\n\n\n

“We’re not aware of any breaches, and no one has contacted us directly to try to ransom our data or sell it back to us,” Forrest said.<\/p>\n\n\n\n

He explained that there were field names contained in the sample data which DatingLab did not use, and which included data points the company didn’t keep.<\/p>\n\n\n\n

“For example, none of our sites accepts profile videos, so none of our databases contains anything related to them,” Forrest said.<\/p>\n\n\n\n

Forrest said that, on closer inspection of the post, he was “inclined to write this off as another fake post” because there was no verifiable data.<\/p>\n\n\n\n

Another scammer claimed to have breached Wanderers.co.za, the site for the Wanderers’ Stadium. However, the provided data sample appeared to belong to the Wanderers Club.<\/p>\n\n\n\n

In the end, it turned out the threat actor hadn’t breached either entity’s systems and was running a scam.<\/p>\n\n\n\n

Another threat actor, in May 2026, claimed to have accessed Telkom systems and exfiltrated customer data. The actor was advertising data purportedly from Telkom on the deep web.<\/p>\n\n\n\n

However, Telkom said there was no evidence to suggest its systems had been breached, but said it remained vigilant and would continue investigating such claims.<\/p>\n\n\n\n

“Telkom employs robust, multi-layered cybersecurity measures and continuous monitoring to safeguard customer information and protect against malicious activity,” it said.<\/p>\n","protected":false},"excerpt":{"rendered":"

The breach is unconfirmed, but a threat is advertising data allegedly belonging to 2.4 billion TikTok users.<\/p>\n","protected":false},"author":341076,"featured_media":649500,"comment_status":"open","ping_status":"closed","sticky":true,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18,27],"tags":[105427,1565,103898,104533,2808,59100],"class_list":["post-653688","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-internet","category-security","tag-boikokobetso-makhetloane","tag-hacker","tag-infostealers","tag-mr-fingerz","tag-social-media","tag-tiktok"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/653688"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341076"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=653688"}],"version-history":[{"count":9,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/653688\/revisions"}],"predecessor-version":[{"id":654297,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/653688\/revisions\/654297"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/649500"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=653688"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=653688"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=653688"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}