TikTok’s database could have been queried by hackers, facilitating privacy violations.
The social media company, which has more than 800 million active users worldwide, had a vulnerability that allowed hackers to extract phone numbers, user IDs and other information that could be used for phishing attacks.
The vulnerability, which was patched before being disclosed, existed in the “Find Friends” feature of the app. This functionality allowed users to discover friends with TikTok accounts by matching phone numbers from their contacts against users’ profile details. Researchers, and supposedly hackers, could use this feature to query TikTok’s entire database.
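As an added example (not code from the article, TikTok or Check Point), here is a server-side check that flags contact-matching usage that looks like bulk enumeration rather than a real address book. The event shape, account names and thresholds are assumptions, and the phone numbers are constructed.

```python
from collections import defaultdict

def to_int(number):
    """Normalise a phone number string to an integer of its digits."""
    return int("".join(ch for ch in number if ch.isdigit()))

def sequential_fraction(numbers):
    """Share of submitted numbers whose successor (+1) was also submitted.
    Real address books are sparse; number-range sweeps are dense."""
    values = {to_int(n) for n in numbers}
    if len(values) < 2:
        return 0.0
    return sum(1 for v in values if v + 1 in values) / len(values)

def flag_enumeration(sync_events, max_contacts=5000, max_sequential=0.2):
    """sync_events: iterable of (account_id, [phone numbers in one sync]).
    Returns {account_id: [reasons]} for accounts exceeding either limit.
    Both thresholds are assumed values to be tuned on real traffic."""
    per_account = defaultdict(set)
    for account, numbers in sync_events:
        per_account[account].update(numbers)  # accumulate across batches
    flagged = {}
    for account, numbers in per_account.items():
        reasons = []
        if len(numbers) > max_contacts:
            reasons.append("volume")
        if sequential_fraction(numbers) > max_sequential:
            reasons.append("sequential")
        if reasons:
            flagged[account] = reasons
    return flagged

# Constructed sample: one ordinary address book, one account that submits
# a contiguous block of 200 numbers split over two sync requests.
SAMPLE = [
    ("acct_normal", ["+15550101234", "+15550107788", "+442079460958",
                     "+15550103310", "+40700000123"]),
    ("acct_sweep", [f"+1555010{i:04d}" for i in range(0, 100)]),
    ("acct_sweep", [f"+1555010{i:04d}" for i in range(100, 200)]),
]

if __name__ == "__main__":
    # A low cap is used here only so the small sample trips the volume rule.
    print(flag_enumeration(SAMPLE, max_contacts=150))
```

Counting distinct numbers per account across requests matters because a sweep split into small batches would pass a per-request size limit.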
TikTok was under scrutiny for its privacy policies and drew considerable criticism for the various vulnerabilities that were found in the platform. Researchers found that, using the most dangerous of these vulnerabilities, hackers can take over parts of a user’s account, allowing actions like managing videos or changing important settings.
“The vulnerability could have allowed an attacker to build a database of user details and their respective phone numbers. […] An attacker with that degree of sensitive information could perform a range of malicious activities, such as spear phishing or other criminal actions.” Oded Vanunu, head of products vulnerabilities research at Check Point
Check the source.