TikTok’s database could have been queried by hackers, facilitating privacy violations.
The social media company, which has more than 800 million active users worldwide, had a vulnerability that allowed hackers to extract phone numbers, user IDs and other information that could be used for phishing attacks.
The vulnerability, which was already patched before being disclosed, existed in the “Find Friends” feature of the app. This functionality allowed users to discover friends with TikTok accounts by matching phone numbers from the users’ contacts with users’ profile details. Researchers, and supposedly hackers, could use this feature to query TikTok’s entire database.
TikTok has been under scrutiny for its privacy policies and criticized for the various vulnerabilities that were found in the platform. Researchers found that, using the most dangerous of these vulnerabilities, hackers could take over parts of a user’s account, allowing actions like managing videos or changing important settings.
“The vulnerability could have allowed an attacker to build a database of user details and their respective phone numbers.[…] An attacker with that degree of sensitive information could perform a range of malicious activities, such as spear phishing or other criminal actions.”
Oded Vanunu, head of products vulnerabilities research at Check Point
Check the source.