TikTok has reportedly suffered a data breach, put hundreds of millions at hacking risk [Update]
According to Microsoft’s cybersecurity team, a “high severity” security flaw in TikTok’s Android app puts hundreds of millions of the popular social media app’s users at risk of having their accounts hijacked. According to the researchers, the flaw would have allowed hackers to take over a TikTok user’s account by convincing them to click on a single link.
“If a targeted user simply clicked a specially crafted link, attackers could have leveraged the vulnerability to hijack an account without users’ awareness,” Dimitrios Valsamaras of Microsoft’s 365 Defender research team wrote.
“Attackers could then have accessed and changed users’ TikTok profiles and sensitive information, such as publicizing private videos, sending messages, and uploading videos on users’ behalf.” TikTok fixed the flaw after Microsoft alerted them to it, and neither company claims that hackers exploited it.
According to reports, the iPhone version of the app was unaffected. More than 1 billion people use the Chinese-owned social media app.
“Through our collaboration with Microsoft security researchers, we discovered and quickly fixed a vulnerability in some older versions of the Android app,” a TikTok spokesperson told The Washington Post. “We appreciate the Microsoft researchers’ efforts in identifying potential issues so that we can resolve them.”
If the flaw had gone undetected, it could have affected hundreds of millions of Android users worldwide. The TikTok app has been downloaded over 1.5 billion times from the Google Play Store.
According to Microsoft’s report, the security team was able to create a link that allowed them to access a user’s account without knowing the user’s password.
As part of a test, when a user clicked on the link, Microsoft was able to change the user’s account to “!! SECURITY BREACH!!!.”
This is your forewarning. #TikTok has reportedly suffered a #data #breach, and if true there may be fallout from it in the coming days. We recommend you change your TikTok #password and enable Two-Factor Authentication, if you have not done so already. pic.twitter.com/SvifAp5B24
— BeeHive CyberSecurity (@BeeHiveCyberSec) September 4, 2022
UPDATE From TikTok
“Our security team has found no evidence of a security breach. We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases. The samples also appear to contain data from one or more third-party sources not affiliated with TikTok. We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community.” A TikTok spokesperson
