- Joined
- Jan 8, 2019
- Messages
- 56,623
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,456
- Points
- 2,313
- Credits
- 32,750
6 Years of Service
76%
Triller User Info Grabber
Returns Triller users' exact locations, date of birth, mobile operating systems and more.
Information
So, I was bored and monitored a few requests in the official Triller mobile application. I found some interesting data that should not be returned in plain text or even returned at all. If you report a comment on a Triller video, it returns the EXACT location (in latitude and longitude) of where the comment was posted from, the user's date of birth, operating system, gender and more. I made a simple script filtering verified users and a few celebrities of my choice. However, it looks like it has been patched and that they are aware of this issue, because it only works on old comments.
There are other ways of fetching this data — without having to spam report; but I found them after this one. I am still surprised how people think Triller is more secure than TikTok; your data is not safe with them.
Please refrain from using this tool as it is spamming Triller's API. I posted this to demonstrate how your information can easily be leaked. You should not trust every application.
I used a static auth_token and one proxy to make it easier for them to clean up the mess. I am hoping for this to get patched, but meanwhile, using this will be under your own responsibility.