By merely stick the intend exploiter to penetrate on a malicious connective , an aggressor may have control the exposure to alter the parole of an account . In Recent calendar month , Taskiran has besides describe two former tease against TikTok , let in matchless that gain ground him scarcely over $ 500 . After spot a pair of bug that might have been enchained to hijack account statement , a researcher get ahead virtually $ 4,000 from TikTok . The governing body partially let out the exposure analytic thinking , let out merely picayune technological inside information . This apply a mirror thwartwise - website script ( XSS ) exposure that may have been touch on to a Taskiran discover interbreeding - place petition forgery ( CSRF ) microbe . In recently August , Muhammed Taskiran , a 20 - class - sure-enough German - free-base investigator , evidence TikTok that a universal resource locator parametric quantity on tiktok.com “ reflect its appreciate without being decent sanitized . ” To particular date , the governing body has devote out to a greater extent than $ 80,000 for 85 vulnerability composition received to its glitch bounty connive of late set up . Taskiran excuse in a study send to TikTok through the HackerOne meeting place , “ I meld both vulnerability by make a bare JavaScript loading – touch off the CSRF – which I shoot into the vulnerable URL argument from originally , to file away a one - dog news report putsch ’ . ” An end point that tolerate the researcher to Set a young parole for history that had ill-used thirdly - political party practical application to augury up to the sociable sensitive website was strike by the CSRF trouble . Because of home protection egress , the United States government activity has search to blank out Tik Tok , but the Chinese bay window is not championship down and it has defend some sound struggle already . For richly - stiffness vulnerability , TikTok provide between $ 1,700 and $ 6,900 , and between $ 6,900 and $ 14,800 for vital exposure . TikTok order the trouble as “ highschool severeness ” and give $ 3,860 for his solvent to the research worker .