TikTok flaw exposes phone numbers and user ids

January 26, 2021 | Cybersecurity News

TikTok’s database could have been queried by hackers, facilitating privacy violations. 

The social media company, which has more than 800 million active users worldwide, had a vulnerability that allowed hackers to extract phone numbers, user IDs and other information that could be used for phishing attacks.

The vulnerability, which was already patched before being disclosed, existed in the “Find Friends” feature of the app. This functionality allowed users to discover friends with TikTok accounts by matching phone numbers from the users’ contacts with users’ profile details. Researchers, and supposedly hackers, could use this feature to query TikTok’s entire database.

TikTok has been under scrutiny for its privacy policies and heavily criticized for the various vulnerabilities found in the platform. Researchers found that, using the most dangerous of these vulnerabilities, hackers can take over parts of a user’s account, allowing actions like managing videos or changing important settings.

“The vulnerability could have allowed an attacker to build a database of user details and their respective phone numbers.[…] An attacker with that degree of sensitive information could perform a range of malicious activities, such as spear phishing or other criminal actions.”

Oded Vanunu, head of products vulnerabilities research at Check Point


by ATTACK Simulator
