Multiple loopholes allowed potential hackers total control over TikTok accounts
Hackers could collect confidential information from users via SMS containing a malicious link
India is one of its biggest markets with over 300 Mn active users
Chinese short video app TikTok has confirmed fixing a vulnerability in its app that allowed hackers to manipulate content, delete videos, upload unauthorized videos, make private ‘hidden’ videos public and extract confidential information of users via SMS containing a malicious link.
US-based cybersecurity firm Check Point Research exposed the vulnerability — its team discovered multiple loopholes which a potential hacker can use to conduct the attack which gives total control over TikTok accounts.
Currently, TikTok has more than one billion monthly active users across its apps, with India being one of its biggest markets with over 300 Mn active users. India is also one of the fastest-growing markets for TikTok, but the recent breach brings the safety of Indian users into question, many of whom are young adults and teenagers, as well as new users unfamiliar with security threats.
TikTok Security And Privacy Issues
The Check Point Research had also found that the TikTok advertisements subdomain was vulnerable to Cross-Site Scripting (XSS) attacks. This type of attack uses malicious scripts that are injected into trusted websites. Once a user clicks on this, an attacker could access personal information saved on user accounts, including email addresses, birth dates using this vulnerability.
This also comes at a time when TikTok was forced to sell the majority stake in order to remain in the US, which is one of the prominent markets. If the sale happens, the parent company ByteDance is expected to fetch $10 Bn through this deal, the reports stated. However, the US-China trade war has put TikTok in a bad spotlight.