A TikTok breach puts hundreds of millions of the popular social media app’s users at risk of having their accounts hijacked. The flaw would have allowed hackers to take over a TikTok user’s account by convincing them to click on a single link, according to the researchers.
About the TikTok Breach
“Assailants could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link,” Dimitrios Valsamaras of the Microsoft 365 Defender Research Team wrote.
“Attackers could then have gained access to and altered users’ TikTok profiles and sensitive information, such as publicizing private videos, sending messages, and uploading videos on users’ behalf.” TikTok fixed the flaw after Microsoft notified them of it, and neither company claims that hackers used it.
The iPhone version of the app, according to reports, was unaffected. The Chinese-owned social media app is used by over 1 billion people.
“We discovered and quickly fixed a vulnerability in some older versions of the Android app through our collaboration with Microsoft security researchers,” a TikTok spokesperson told The Washington Post. “We appreciate Microsoft researchers’ efforts in identifying potential problems and resolving them.”
If the flaw had gone undetected, it could have impacted hundreds of millions of Android users around the world. The TikTok app has been downloaded from the Google Play Store over 1.5 billion times.
The security team, according to Microsoft’s report, was able to create a link that allowed them to access a user’s account without knowing the user’s password.
When a user clicked on the link as part of a test, Microsoft was able to change the user’s account to “!! SECURITY BREACH!!!.”