A security breach in TikTok allowed to manipulate user data

A security breach in TikTok allowed to manipulate user data

The security breach was detected by the cybersecurity company Check Point Research and the application can now be used normally

TikTok, the most downloaded mobile application in the world just behind WhatsApp and Messenger, has had a serious security flaw that allowed cybercriminals to manipulate the data of users of the Chinese social network.

The security breach was detected by the cybersecurity company Check Point Research and has already been solved by the developers of the application so that TikTok users (more than a billion in more than 150 countries) can now make normal use of the service, Check Point reports in a statement. To download TikTok, a new user receives a download link through an SMS; After this, you must enter your phone number.

Check Point experts discovered that an attacker could impersonate the application and send a fake SMS with a malicious link: when the user opened it, it allowed the cybercriminal to access his TikTok account and manipulate its content.

With this, cybercriminals could manipulate data (add/remove videos), change the configuration of videos from private to public and access and extract personal data (full name, email address, birthdays, etc.) saved in these accounts.

TikTok is one of the fastest-growing applications in recent times, especially among young people. The social network has achieved its success by guarding private videos of users and their loved ones (which may have very sensitive content), an application that, however, involves many risks, the statement warns.

This same week, the United States Army has banned its use to its soldiers as they considered this application a “cyber threat”, recalls the Check Point note.

“Data security breaches are becoming an epidemic, and our latest research shows that the most popular applications are still at risk,” warns Oded Vanunu, head of Product Vulnerability Research at Check Point.

“Social network applications are very susceptible, as they provide a good source of private data and open an attack door. Cybercriminals are investing large amounts of money and dedicating many efforts to penetrate such massive applications. However, most users assume that they are protected by the application they are using,” he concludes.