What is the official website of TikTok ?

The official website of TikTok is https://www.tiktok.com/about?lang=en.

What is TikTok's cybersecurity risk score?

TikTok has an AI-generated cybersecurity risk score of 578 out of 1000, indicating a Very Poor security posture according to Rankiteo's assessment.

How many security incidents has TikTok experienced?

According to Rankiteo, TikTok currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has TikTok been affected by any supply chain cyber incidents ?

According to Rankiteo, TikTok has been affected by multiple supply chain cyber incidents. The affected supply chain sources and their corresponding incident IDs are: Google Cloud (Incident ID: MEDZYPTELMETTIKGOOYOU1770029110) Canadian Institute for Cybersecurity (Incident ID: YAHFACTIKNETMICONLBINCAN1769189638) NPM (Incident ID: GOONPMORGGOVAPPMETTHEAWSTIKK7-1773672350)

Does TikTok have SOC 2 Type 1 certification ?

According to Rankiteo, TikTok is not certified under SOC 2 Type 1.

Does TikTok have SOC 2 Type 2 certification ?

According to Rankiteo, TikTok does not hold a SOC 2 Type 2 certification.

Does TikTok comply with GDPR ?

According to Rankiteo, TikTok is not listed as GDPR compliant.

Does TikTok have PCI DSS certification ?

According to Rankiteo, TikTok does not currently maintain PCI DSS compliance.

Does TikTok comply with HIPAA ?

According to Rankiteo, TikTok is not compliant with HIPAA regulations.

Does TikTok have ISO 27001 certification ?

According to Rankiteo,TikTok is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does TikTok operate in ?

TikTok operates primarily in the Entertainment Providers industry.

How many employees does TikTok have ?

TikTok employs approximately 81,193 people worldwide.

Does TikTok own any subsidiaries ?

TikTok presently has no subsidiaries across any sectors.

How many LinkedIn followers does TikTok have ?

TikTok's official LinkedIn profile has approximately 3,962,322 followers.

What is the NAICS classification code for TikTok ?

TikTok is classified under the NAICS code 71, which corresponds to Arts, Entertainment, and Recreation.

Does TikTok have a Crunchbase profile ?

No, TikTok does not have a profile on Crunchbase.

Does TikTok have a LinkedIn profile ?

Yes, TikTok maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/tiktok.

How many cybersecurity incidents has TikTok experienced ?

As of June 16, 2026, Rankiteo reports that TikTok has experienced 13 cybersecurity incidents.

How many peer or competitor companies does TikTok have ?

TikTok has an estimated 7,484 peer or competitor companies worldwide.

What types of cybersecurity incidents has TikTok faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach, Vulnerability and Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

TikTok

Boost Score +25 with badge (5 left)

578

/1000

Very Poor

603

/1000

Poor

TikTok Vendor Cyber Rating & Cyber Score

tiktok.com

Add Your Compliance Badge

Inspire Creativity and Bring Joy

TikTok A.I CyberSecurity Scoring

Scoring History

TikTok

TikTok CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

TikTok

Vulnerability

6/2026

WHITIKINS178092...

TikTok

Cyber Attack

5/2026

TIKGOO177966876...

TikTok

Cyber Attack

2/2026

Google Cloud

MEDZYPTELMETTIK...

TikTok

Breach

1/2026

Canadian Instit...

YAHFACTIKNETMIC...

TikTok

Breach

1/2026

NETFACTIKBINONL...

TikTok

Vulnerability

8/2025

NPM

GOONPMORGGOVAPP...

TikTok

Breach

5/2025

TIK717053025

TikTok

Cyber Attack

100

1/2025

BYT000012225

TikTok

Breach

100

1/2025

TIK000012025

TikTok

Breach

6/2023

TIK1769168089

TikTok

Breach

100

09/2022

TIK213327922

TikTok

Breach

6/2021

TIK348123411302...

TikTok

Breach

6/2018

TIKAMA176901658...

Loading…

A.I.

TikTok Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for TikTok

Incidents vs Entertainment Providers Industry Avg (This Year)

TikTok has 106.61% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

TikTok has 367.29% more incidents than the average of all companies with at least one recorded incident.

Incident Types TikTok vs Entertainment Providers Industry Avg (This Year)

TikTok reported 5 incidents this year: 2 cyber attacks, 0 ransomware, 1 vulnerabilities, 2 data breaches, compared to industry peers with at least 1 incident.

Incident History - TikTok (X = Date, Y = Severity)

Loading…

SUBSIDIARY

TikTok Subsidiaries

TikTok

Entertainment Providers

Website: https://www.tiktok.com/about?lang=en

Company Size: 10,000+ employees

TikTok trendsTechnology, Information and Internet

TikTok for BusinessAdvertising Services

ByteDanceSoftware Development

Loading…

TikTok Similar Companies

Cinemark

cinemark.com

Headquartered in Plano, TX, Cinemark Holdings, Inc. provides premium out-of-home entertainment experiences as one of the largest and most influential theatrical exhibition companies in the world with 497 theatres and 5,644 screens in the U.S. and Latin America as of September 30, 2025. • Our circuit is the third largest in the U.S. with 304 theatres and 4,249 screens in 42 states. • We ranked either #1 or #2 in box office revenues in 21 of our top 25 markets. • We are one of the most geographically diverse circuits in Latin America with 193 theatres and 1,395 screens in 13 countries. • We have a presence in 15 of the top 20 metropolitan cities in South and Central America.

Dave & Buster's Inc.

daveandbusters.com

Welcome to Dave & Buster's, the ONLY place to Eat, Drink, Play & Watch Sports®, all under one roof! Here, you can immerse yourself in a world of excitement, from our Million Dollar Midway, packed with the hottest arcade games, to our mouth-watering, chef-crafted creations served in our American restaurant. We're not just a destination; we're an experience you won't find anywhere else. And yes, you want to work here. Join us and be part of the team that runs the fun. With Main Event Entertainment (Acquired in 2022) by our side, we're amplifying the entertainment experience for our Guests and Team Members alike. Together, we're creating endless possibilities, setting the stage for unforgettable moments and lifelong memories. The fun never stops! Come be a part of something extraordinary. CAREERS: Apply online today!- https://daveandbusters.wd1.myworkdayjobs.com/Dave_and_Busters_Careers HISTORY: Read more about our culture - https://www.daveandbusters.com/us/en/about/history LOCATIONS: Find a store near you - https://www.daveandbusters.com/us/en/about/locations

Walt Disney World

cb waltdisneyworld.jobs

The Walt Disney World® Resort features four theme parks — the Magic Kingdom® Park, Epcot®, Disney's Hollywood Studios™, and Disney's Animal Kingdom® Theme Park. More than 20 resort hotels are on-site, offering several thousand rooms of themed accommodations. The nearly 40-square-miles of the Walt Disney World® Resort also feature two water parks, Disney's Blizzard Beach Water Park and Disney's Typhoon Lagoon Water Park; Disney Springs, a daytime and nighttime shopping and entertainment complex; two full-service spas; and recreational facilities including championship golf courses and a 200-acre sports complex. Complete convention and banquet events, from conferences to weddings, are tailored for business and leisure groups. In addition, off-site vacation destinations include Disney's Hilton Head Island Resort and Disney's Vero Beach Resort. Walt Disney World Resort is the largest single-site employer in the United States, employing over 80,000 cast members to bring the magic to life.

Netflix

netflix.com

Netflix is one of the world's leading entertainment services, with over 300 million paid memberships in over 190 countries enjoying TV series, films and games across a wide variety of genres and languages. Members can play, pause and resume watching as much as they want, anytime, anywhere, and can change their plans at any time.

Paramount

paramount.com

Paramount is a leading media and entertainment company that creates premium content and experiences for audiences worldwide. Driven by iconic studios, networks and streaming services, Paramount's portfolio of consumer brands includes CBS, Showtime Networks, Paramount Pictures, Skydance Animation, Skydance Sports, Nickelodeon, MTV, Comedy Central, BET, Paramount+, Skydance Games, and Pluto TV, among others. Paramount delivers the largest share of the U.S. television audience and boasts one of the industry's most important and extensive libraries of TV and film titles. In addition to offering innovative streaming services and digital video products, the company provides powerful capabilities in production, distribution and advertising solutions.

Universal Orlando Resort

UniversalOrlandoJobs.com

For years, we’ve been creating a legacy of unforgettable experiences for our Guests. Our Guests are immersed into the sights and sounds of some of the greatest movies and most legendary stories, and our Team Members are the ones who help make those incredible experiences come alive. Our Team Members realize that delivering world-class service is more than just an expectation… It’s The Universal Way. It’s who we are. It’s what we do. And it’s the reason we strive to be recognized as the number one entertainment destination in the world. As a part of the COMCAST NBCUniversal family, we are as committed as ever to continuing to build spectacular experiences based on the most compelling and dynamic movies, books and TV franchises in the universe. We are poised for growth and success and are focused on the future. Our Team Members not only deliver experiences of a lifetime, they create them! At Universal Orlando Resort™, we create a balanced and rewarding work environment while encouraging individual growth and development. As a Team Member, we’ll partner with you to help identify your personal goals and provide career guidance. Best of all, it’s our philosophy to always try and promote from within first. Now, what could be more promising than that! It’s a big Universe. Where do you fit in?

Electronic Arts (EA)

ea.com

Electronic Arts creates next-level entertainment experiences that inspire players and fans around the world. Here, everyone is part of the story. Part of a community that connects across the globe. A team where creativity thrives, new perspectives are invited, and ideas matter. Regardless of your role, team, or location, this is a place where everyone makes play happen. Join us.

TKO

cb tkogrp.com

TKO Group Holdings, Inc. (NYSE: TKO) is a premium sports and entertainment company. TKO owns iconic properties including UFC, the world’s premier mixed martial arts organization; WWE, the global leader in sports entertainment; and PBR, the world’s premier bull riding organization. Together, these properties reach 1 billion households across 210 countries and territories and organize more than 500 live events year-round, attracting more than three million fans. TKO also services and partners with major sports rights holders through IMG, an industry-leading global sports marketing agency; and On Location, a global leader in premium experiential hospitality.

Warner Bros. Discovery

wbd.com

Warner Bros. Discovery, a premier global media and entertainment company, offers audiences the world’s most differentiated and complete portfolio of content, brands and franchises across television, film, streaming and gaming. The new company combines WarnerMedia’s premium entertainment, sports and news assets with Discovery’s leading non-fiction and international entertainment and sports businesses. ****Please be aware of recruitment scams by individuals posing as employers and encouraging candidates to apply for, interview and/or accept nonexistent job opportunities as a means to solicit personal information or money. The online scammers have become much more sophisticated in their attempts to lure victims. Employment opportunities and job offers at Warner Bros. Discovery will always come from our Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. WBD does not extend job offers via email or on any other messaging tools to individuals to whom we have not made prior contact. Our email domain is @wbd.com. A valid link for employment with Warner Bros. Discovery can be found at https://careers.wbd.com/global/en. If you believe you have been contacted by a scammer and may be the victim of fraud or identity theft, you should report details to the police where you live. You can also report job scams to the FTC. Learn more at https://consumer.ftc.gov/articles/job-scams. *****

Loading…

NEWS

TikTok CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

March 24, 2026 12:05 PM

MIWIC26: Motunrayo Fransisca Ogundipe, Cybersecurity Analyst at TikTok

Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the...

Read Article

February 27, 2026 08:00 AM

Is the new US TikTok safer?

In January 2026, a contingent of investors announced they had agreed to establish a new “U.S.” version of TikTok. The $14 billion deal came...

Read Article

February 05, 2026 08:00 AM

Gen Z is rebelling against TikTok USA by installing another app—founded by an Oracle alum

TikTok USA isn't just (arguably) a tool of corporate power, it doesn't seem to work as well as the old TikTok.

Read Article

February 01, 2026 08:00 AM

After TikTok: Navigating the Complex Web of Foreign Tech Bans

As federal and state governments extend their lists of banned foreign technologies, where is this trend heading next?

Read Article

January 29, 2026 08:00 AM

Q&A: Should you worry about TikTok’s new terms of service?

As American companies assumed majority ownership of TikTok, users across the United States were forced to accept new terms of service.

Read Article

January 29, 2026 08:00 AM

Local cybersecurity professor weighs in on TikTok's US ownership change

A San Diego cybersecurity professor weighs in on TikTok's U.S. ownership change as users face privacy concerns.

Read Article

January 28, 2026 08:00 AM

Local cybersecurity expert weighs in on TikTok U.S. ownership change

On Monday, TikTok reported a major infrastructure issue caused by a power outage at a U.S. data center, which may cause users to experience...

Read Article

January 28, 2026 08:00 AM

Local cybersecurity professor weighs in on TikTok's US ownership change

A San Diego cybersecurity professor weighs in on TikTok's U.S. ownership change as users face privacy concerns. Author: cbs8.com.

Read Article

January 27, 2026 08:00 AM

America Controls TikTok Now — But Is It Really Safe?

TikTok's Chinese parent company, ByteDance, relinquished control of American TikTok to the U.S. last week. But is it really safe?

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-53430

SUMMARY

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.ex and program routines 'Elixir.GRPC.Compressor.Gzip':decompress/1, 'Elixir.GRPC.Message':from_data/2. 'Elixir.GRPC.Compressor.Gzip':decompress/1 calls :zlib.gunzip/1 directly on attacker-controlled bytes with no decompressed-size limit, ratio check, or incremental decoding. Because this module is the registered gzip GRPC.Compressor implementation, it is invoked automatically whenever an incoming gRPC frame carries the grpc-encoding: gzip header. :zlib.gunzip/1 allocates the entire decompressed result as a single binary, so a small highly compressible payload (for example a few kilobytes of zeros, which gzip compresses at roughly 1000:1) expands to multiple gigabytes inside a single call. The max_receive_message_length limit is enforced only against the already-decompressed message, so it provides no protection. An unauthenticated remote peer can send a single crafted frame to exhaust the BEAM node's heap and trigger an out-of-memory kill. This issue affects grpc: from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48854

SUMMARY

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read_full_body/3 (lib/grpc/server/adapters/cowboy/handler.ex) accumulates every received chunk into a single growing binary with no size cap. Additionally, when the client omits the grpc-timeout header, the per-chunk read timeout resolves to :infinity, allowing a slow-trickle client to keep the connection alive indefinitely while memory grows. A single connection is sufficient to exhaust server memory and crash the node. This issue affects grpc from 0.3.1 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48853

SUMMARY

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code execution on the server. 'Elixir.GRPC.Codec.Erlpack':decode/2 (lib/grpc/codec/erlpack.ex) calls :erlang.binary_to_term/1 on the raw gRPC message body without the :safe option, no size bound, and no type guard. Any unauthenticated peer that sends a request with Content-Type: application/grpc+erlpack can send a crafted payload that mints arbitrary new atoms (which are never garbage-collected, exhausting the bounded atom table and crashing the VM) or that encodes a fun term which, if applied anywhere downstream, executes attacker-controlled code inside the server process. This issue affects grpc from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 9.2

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48723

SUMMARY

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a shell command by interpolating the user-controlled cypress_config_filepath value into a template literal, then executes it via child_process.execSync(). Shell metacharacters in the config path (specifically " and ;) allow breaking out of the quoted argument and injecting arbitrary commands. This issue has been fixed in version 1.36.6.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: 7.8)

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-48599

SUMMARY

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In 'Elixir.GRPC.Server.Transcode':map_request/5 (lib/grpc/server/transcode.ex), all three clauses use Map.merge/2 with path bindings as the first argument, giving them the lowest merge precedence. A request such as GET /users/me/profile?user_id=victim (or a POST with {"user_id": "victim"} when body: "*") yields a decoded protobuf struct where the path-bound field carries the attacker-supplied value rather than the router-extracted value. Any handler that uses the path-bound field for authorization, multi-tenancy scoping, or ownership checks is silently bypassed. This issue affects grpc from 0.8.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 7.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…