TikTok’s database could have been queried by hackers, facilitating privacy violations.
The social media company, which has more than 800 million active users worldwide, had a vulnerability that allowed hackers to extract phone numbers, user IDs and other information that could be used for phishing attacks.
The vulnerability, which was already patched before being disclosed, existed in the “Find Friends” feature of the app. This functionality allowed users to discover friends with TikTok accounts by matching phone numbers from the users’ contacts with users’ profile details. Researchers, and supposedly hackers, could use this feature to query TikTok’s entire database.
TikTok has been under scrutiny for its privacy policies and heavily criticized for the various vulnerabilities found in the platform. Researchers found that, using the most dangerous of these vulnerabilities, hackers can take over parts of a user’s account, allowing actions like managing videos or changing important settings.
“The vulnerability could have allowed an attacker to build a database of user details and their respective phone numbers. […] An attacker with that degree of sensitive information could perform a range of malicious activities, such as spear phishing or other criminal actions.” Oded Vanunu, head of products vulnerabilities research at Check Point
Check the source.