Skip to main content

TikTok vulnerability could have allowed hackers to take over users’ profiles

Israel-based security research firm Check Point says it found multiple severe loopholes within short-form video app, TikTok that could have potentially allowed hackers to take over users’ accounts, access their private data, and upload videos on their behalf. The vulnerability made it possible for intruders to masquerade as TikTok and send official text messages with malicious links.

The vulnerabilities have been patched since November when Check Point discovered them and warned TikTok through server-side changes as well as app updates. Therefore, if you haven’t updated TikTok in a while, head over to the app store and do so immediately.

“TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us. Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers,” said Luke Deshotels, a member of TikTok’s team of security researchers, in a statement.

The bug originated from the download link request feature on TikTok’s website. But due to a programming oversight, hackers could tap into the company’s official SMS channel, and instead of the download link, forward users a malicious one. When someone clicked on it, they would unknowingly end up ceding access to a range of sensitive sections of their TikTok account. Once in, the hacker could upload videos, make private posts public, delete files, view personal information such as email addresses, and more.

That’s not all. Check Point was able to unearth another security loophole which could have let hackers gain access to TikTok’s database of millions of users by inserting a piece of malicious code inside the official website. The firm’s researchers, through this, managed to retrieve accounts’ private data including their names and birth dates.

TikTok claims it hasn’t found any affected users or instances of abuse yet.

In a little over two years, TikTok has rapidly accumulated over a billion users and downloads across the globe. However, the social network has come under lawmakers’ crosshairs in the United States primarily due to its Chinese roots. Privacy vulnerabilities such as this one could end up compounding those concerns further.

To combat the increased scrutiny, TikTok’s parent company, ByteDance has mulled setting up a headquarters outside of China. A recent Bloomberg report also said that ByteDance may be considering letting go of TikTok altogether or sell a majority stake to put an end to the growing concerns.

Editors' Recommendations

Shubham Agarwal
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
Is TikTok leaking drafts? Let’s take a closer look at this rumor
The TikTok app on a smartphone's screen. The smartphone is sitting on a white table.

Not every social media post is ready for prime time. Sometimes you write a post or film a video and decide that it's better to not publish it. That's fine. That's what the Drafts folder is for. That folder is built to hold your works-in-progress, mistakes, and other too-goofy-for-public-consumption posts and videos. The Drafts folder is probably one that you take for granted, but what if that folder (via a particularly viral-prone social media platform) were to have its content leaked and published for the world to see? Scary, isn't it?

That's the fear that's behind a certain, now years-long TikTok rumor going around. But is it true? Is TikTok leaking its users' drafts? In this guide, we're taking a closer look at this rumor and fact-checking it.
The rumor
As far as we can tell, the whole "TikTok leaks drafts" rumor dates back to at least the summer of 2020. It's not a rumor that really made mainstream news headlines, but it did get some coverage with lesser-known websites, and it does have a tendency to resurface repeatedly. The last time it resurfaced was in August 2022. Here's what we know about it:

Read more
TikTok pivots to photos while its competitors are still chasing its viral videos
Smartphone with TikTok's Photo Mode all on a white background.

TikTok's competitors have been all over the news recently for essentially copying the short-form video sharing app's  most successful moves. But while everyone else is pivoting to video, TikTok is now taking swings in the other direction: photos.

On Thursday, TikTok announced a slew of new editing and creation features, but the one tool that caught our eye was Photo Mode. Because the image that TikTok shared in its official announcement depicted a photo carousel-style image post that looks a lot like Instagram.

Read more
New feature shows that even Twitter wants to be like TikTok now
Twitter's new full screen feature for videos on the mobile app.

Is TikTok the new queen bee of social media? It appears so as even Twitter couldn't resist copying TikTok. Twitter's latest feature announcement seems to be yet another indication that the viral video app sensation is clearly the new leader among its peers. After all, TikTok is setting trends and its competitors are all following them.

On Thursday, Twitter announced two new video-focused features for its app and one of those features bears a strong resemblance to TikTok. That feature (known as the "immersive media viewer") allows users to open videos in a vertical "full-screen mode" -- just like TikTok -- and continue to view more videos by swiping up (also just like TikTok).

Read more