Share this analysis

Fake tiktok breach creates frenzy on the internet.

19 September 2022
BREACHAWARE HQ
Panic

A total of 13 breach events were found and analysed resulting in 635,743 exposed accounts containing a total of 18 different data types of personal datum . The breaches found publicly and freely available included Recycle Internet (URL Redirected), Edilportale, Have Fun Teaching, Dairiki and Caorle. Sign in to view the full library of breach events which includes, where available, reference articles relating to each breach.

Categories of Personal Data Discovered

Contact Data, Socia-Demographic Data, Technical Data, Contractual Data, Financial Data, Locational Data, Behavioural Data.

Data Breach Analysis

Recycle Internet (via URL redirect): Although originally difficult to trace directly, the inclusion of this breach via redirection highlights the use of proxy and mirror sites to obscure data origins, complicating efforts to track and contain exposed data.

Edilportale: A widely used portal for architecture and construction professionals in Europe. Exposure from this platform could result in targeted phishing campaigns aimed at professionals and businesses in the construction sector, especially where contact information and project affiliations are involved.

Have Fun Teaching: An educational resource platform primarily used by teachers and parents. Breaches from education-focused sites are especially concerning, given the likelihood of sensitive information on children, educators, and guardians being involved. The compromise of this data could lead to social engineering attacks or identity misuse within school networks.

Dairiki: A niche technical resource site. While not as high-profile, platforms like Dairiki often cater to tech-savvy users who may reuse credentials across developer forums, Git repositories, and corporate environments, raising the risk of supply chain vulnerabilities and unauthorised access in more secure ecosystems.

Caorle: Likely referring to local or municipal-level services in Italy, breaches of this nature point to the growing threat surface of public sector and civic data, often under-protected yet critical to local administrative functions.

Despite the lower number of affected accounts relative to large-scale incidents, this breach cluster is significant for the diverse target types, ranging from education and government to technical and architectural sectors. Each breach carries its own unique threat vector depending on the context of the exposed data and the user base involved.

As attackers continue to mine even obscure platforms for exploitable information, the key takeaway is clear: cybersecurity hygiene must extend beyond high-profile platforms. Smaller sites, educational resources, and niche communities often lack robust defences, making them soft targets that can yield surprisingly damaging results.

Individuals should treat every platform login with caution, while organisations, regardless of size, must prioritise regular audits, user data minimisation, and transparent breach reporting.

Spotlight

A tiktok breach posted by a hacking group to a popular hacking forum had the internet pretty excited, until everyone realised it was fake. The group has now been permanently banned from the said forum. It was definitely a strange move by the hacking group to post this, because after quick analysis of the data by the online community it turned out to be “garbage”. They were also banned from twitter.

An online British digital marketing agency with a plush website has recently suffered a data breach, impacting over nine thousand users. The company markets themselves as having expertise in human behaviour and creative technology. A wide range of datasets were disclosed in the breach, such as hashed Bcrypt passwords, physical addresses, and full names. Marketing company's tend to like to talk about themselves a lot however the company so far hasn’t commented on the data breach, or if they have, we couldn’t find it.

An amusement company has been on a bit of a roller-coast ride, their entrainment app for Android and iOS which allows users to gain access to theme parks and attractions across America has unfortunately been hacked with a section of its users information dumped on a popular hacking forum. A variety of datasets were in the breach including gender, IP address, and date of birth.

  • Key Stats
  • BREACH EVENTS
    0
  • EXPOSED ACCOUNTS
    0
  • EXPOSED DATUM TYPES
    0