Cyber security news for all


    Several Gaps In Tiktok Allowed Attackers To Access User Data

    Security researchers have discovered a number of vulnerabilities in the popular video app Tiktok. At the heart of the vulnerability was a feature on the Tiktok website that allowed attackers to text Tiktok to their potential victims. The attacker could then have integrated his own link into the SMS. This way you could have forwarded victims to a phishing site. It was also possible to send commands to the victim’s Tiktok app using the link, for example to delete or create videos on your behalf. In addition, private videos could have been converted into public videos.


    Tiktok User Data Was At Risk

    The researchers also found a way in their tests to access sensitive user data such as email address, date of birth or payment information via the Tiktok API. There were security mechanisms that should have prevented unauthorized access to this data, but the security experts were able to override them.

    Attackers were able to use the vulnerabilities to access and manipulate the content and user accounts of Tiktok users. The attackers were also able to gain access to the user accounts and thus obtain personal information such as email addresses and contact details. The attackers only had to send a fake SMS message to a user with a correspondingly prepared link. As soon as this link was clicked, the attackers could access the user account. In this way, unauthorized persons could also gain access to private videos of Tiktok users.

    Marketing Threat On Tiktok?

    More and more brands and companies are also creating an account on TikTok in order to reach the young target group. The download numbers show how high the marketing potential of the platform can be, but company accounts also have to deal with the security of the platform. The US Army recently prohibited its soldiers from using the app on their service smartphone after attempting to recruit new soldiers via the platform in October. They stated that TikTok was a potential security risk for the United States.

    Recent Articles

    Russian Cybercriminal Behind “Cardplanet” Site Sentenced

    According to the United States Department of Justice, a Russian cybercriminal, Aleksey Burkov, 30—who operated Cardplanet site: a site that trafficked stolen card details—has...

    Hackers Used Malicious Docker Images to Mine Monero

    Researchers found malicious images on Docker Hub used for crypto mining. Palo Alto Networks' Unit  42, unraveled a crypto mining scheme which uses malicious Docker...

    NSA outlines requirements for secure collaboration services for US government telework

    The new National Security Agency (NSA) guidelines are a window of security for users. Everyone has been trying to return to their lives since...

    Cybercriminals threaten to sell off “scandalous” files swiped from Mariah Carey, Nicki Minaj, Puff Daddy’s legal eagles

    There's no escaping these cybercriminals. In a recent case of "cyber-extortion," threat actors known as REvil, are threatening to expose celebrity "dirt." These threat actors...

    Twitter apologises for exposed customers data

    In what is described as a "data security incident," sensitive details of Twitter's customers were exposed. Unlike other cases of a breach which are...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox