Cybersecurity experts allegedly found up to 2 billion user database records hacked in the Chinese short-form video app TikTok on Monday.
Cyber security analysts tweeted “a breach of an insecure server that allowed access to TikTok’s storage, which they believe contained personal user data”.
“We’ve reviewed a sample of the extracted data. To our email subscribers and private clients, we’ve already sent out warning communications,” it added.
Troy Hunt, the founder of the data breach news website haveibeenpwned, created a thread on Twitter to check the veracity of the sample data. He believes that the evidence is “so far pretty inconclusive”.
BlueHornet|AgaisntTheWest posted all the details on breached forums. ( His tweets are private at the moment, We’ve skipped embedding them )
“Who would have thought that TikTok would decide to store all their internal backend source code on one Alibaba Cloud instance using a trashy password?” they tweeted, posting about how easily they could download the data.
A TikTok spokesperson was quoted as saying in news reports that their security team “investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code”.
The TikTok app for Android has a vulnerability that, if exploited by Microsoft 365 Defender Research Team, may let hackers to take control of millions of users’ private, short-form movies after they clicked on a malicious link.
In the TikTok Android app, Microsoft found a high-severity vulnerability that could have given attackers access to users’ accounts with just one click.
TikTok has since patched the vulnerability, which would have needed a sequence of problems to be exploited.
“Attackers could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link,” the tech giant said in a statement last week.
It is recommended to everyone those who use TikTok, to change their passwords, and enable two factor authentications as a security measure.
(Inputs from IANS)
Sources : MSN