The short-form video sensation TikTok, one of the most downloaded apps in the world, protects the personal information of over a billion users, so its data security is under close scrutiny.
On Monday, multiple cybersecurity analysts tweeted about their discovery of an alleged breach of an insecure server that allowed access to TikTok’s storage. They believe it contains personal user data. Just a few days ago, Microsoft Corp. announced that it had discovered a “serious vulnerability” in TikTok’s Android application that “could allow an attacker to compromise a user’s account with a single click.”
ByteDance Ltd.’s TikTok surpassed 1 billion monthly users a year ago and now ranks as the favorite app of many young people. This makes it an attractive target for hackers looking to hijack popular accounts or resell sensitive information. It was nearly banned by the Trump administration in 2020 after it was identified as a privacy threat amid concerns about potential ties between its Beijing-based parent company and the Chinese government.
TikTok said the breach claims discovered over the weekend were incorrect. “Our security team has investigated this statement and determined that the code in question has nothing to do with TikTok’s backend source code,” a spokesperson said.
Troy Hunt, an Australian web security consultant, examined some of the data samples contained in the leaked files and found matches for user profiles and videos posted under those IDs. However, some of the details included in the leak were “public data that could have been constructed without violation.”
“This has so far been fairly inconclusive. Some data is consistent with production information, albeit publicly available information. Some data is junk, but it could be non-production data or test data,” he posted on Twitter. “So far it’s been a bit of a mixed bag.”
The vulnerability identified by Microsoft is a narrower issue that can affect phones running Android. Dimitrios Valsamaras of the Microsoft 365 Defender Research Team said the flaw could have allowed attackers to access and modify TikTok profiles and sensitive information, for example by publishing private videos, sending messages or uploading videos on a user’s behalf.
A TikTok spokesperson said the company responded quickly to Microsoft’s findings and fixed security flaws found “in some older versions of the Android app.”
TikTok and its parent company will be in the spotlight at a time when the United States may step up action against companies with Chinese ties, even if the issue is inconclusive or minor. In June, nine U.S. senators sent an open letter to TikTok’s CEO asking him to explain the alleged security breach.
President Joe Biden is expected to sign an executive order restricting U.S. investments in Chinese tech companies, with the administration paying close attention to whether the Chinese government has access to U.S. customer data. Therefore, different actions targeting TikTok are possible. The company has told US lawmakers it is taking steps to protect its data through a contract with Oracle Corp.
“A lot of attention has been focused on how TikTok operates, and there is a big gap between how it operates and how it actually operates,” said Robert Potter, CEO of Internet 2.0 Inc., a joint Australian-US cybersecurity company.
In July, Potter’s team published a report that found “excessive data collection” performed by TikTok on users’ devices. The report said the app checked the device’s location at least once an hour and that it has code to collect serial numbers, including that of the SIM card.