Cybersecurity researchers discovered a potential data breach in China’s short-form video app TikTok on Monday, allegedly involving up to 2 billion user database records.
Several cybersecurity analysts tweeted about the discovery of “a breach of an insecure server that allowed access to TikTok storage, which they believe contained users’ personal data.”
“This is your warning. #TikTok has reportedly suffered a #data breach, and if true, there may be fallout in the coming days. We recommend that you change your TikTok #password and activate the two-factor authentication, if you haven’t already,” BeeHive CyberSecurity tweeted.
“We have reviewed a sample of the extracted data. To our email subscribers and private customers, we have already sent warning communications,” it added.
Troy Hunt, creator of the data breach reporting site haveibeenpwned, posted a Twitter thread to check whether the sample data is genuine. For him, the evidence is “at the moment rather inconclusive.”
BlueHornet | AgainstTheWest has posted full details on hacking forums.
“Who would have thought that @TikTok would decide to store all their internal source code on an Alibaba Cloud instance using a rotten password?” they tweeted, explaining how easily they could download the data.
A TikTok spokesperson said in news reports that the company's security team “investigated this statement and determined that the code in question had no relation to TikTok’s main source code.”
The Microsoft 365 Defender research team has just discovered a vulnerability in the TikTok app for Android that can allow hackers to take control of private, short videos of millions of users after they click on a malicious link.
Microsoft discovered a high-severity vulnerability in the TikTok Android app that could have allowed attackers to compromise user accounts with a single click.
The vulnerability, which would have required a chain of several issues to be exploited, has now been patched by the Chinese company.
“Attackers could have exploited the vulnerability to hijack an account without users’ knowledge if a targeted user had simply clicked on a specially crafted link,” the tech giant said in a statement last week.
(Only the title and image of this report may have been edited by Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)