TikTok’s database could have been queried by hackers, facilitating privacy violations.
The social media company, which has more than 800 million active users worldwide, had a vulnerability that allowed hackers to extract phone numbers, user IDs and other information that could be used for phishing attacks.
The vulnerability, which was already patched before being disclosed, existed in the “Find Friends” feature of the app. This functionality allowed users to discover friends with TikTok accounts by matching phone numbers from the users’ contacts with users’ profile details. Researchers, and supposedly hackers, could use this feature to query TikTok’s entire database.
TikTok has been under scrutiny for its privacy policies and criticized for the various vulnerabilities that were found in the platform. Researchers found that, using the most dangerous vulnerabilities, hackers can take over parts of a user’s account, allowing actions like managing videos or changing important settings.
“The vulnerability could have allowed an attacker to build a database of user details and their respective phone numbers. […] An attacker with that degree of sensitive information could perform a range of malicious activities, such as spear phishing or other criminal actions.”
Oded Vanunu, head of products vulnerabilities research at Check Point
Check the source.