Skip to main content

TikTok vulnerability could have allowed hackers to take over users’ profiles

Israel-based security research firm Check Point says it found multiple severe loopholes within short-form video app, TikTok that could have potentially allowed hackers to take over users’ accounts, access their private data, and upload videos on their behalf. The vulnerability made it possible for intruders to masquerade as TikTok and send official text messages with malicious links.

The vulnerabilities have been patched since November when Check Point discovered them and warned TikTok through server-side changes as well as app updates. Therefore, if you haven’t updated TikTok in a while, head over to the app store and do so immediately.

“TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us. Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers,” said Luke Deshotels, a member of TikTok’s team of security researchers, in a statement.

The bug originated from the download link request feature on TikTok’s website. But due to a programming oversight, hackers could tap into the company’s official SMS channel, and instead of the download link, forward users a malicious one. When someone clicked on it, they would unknowingly end up ceding access to a range of sensitive sections of their TikTok account. Once in, the hacker could upload videos, make private posts public, delete files, view personal information such as email addresses, and more.

That’s not all. Check Point was able to unearth another security loophole which could have let hackers gain access to TikTok’s database of millions of users by inserting a piece of malicious code inside the official website. The firm’s researchers, through this, managed to retrieve accounts’ private data including their names and birth dates.

TikTok claims it hasn’t found any affected users or instances of abuse yet.

In a little over two years, TikTok has rapidly accumulated over a billion users and downloads across the globe. However, the social network has come under lawmakers’ crosshairs in the United States primarily due to its Chinese roots. Privacy vulnerabilities such as this one could end up compounding those concerns further.

To combat the increased scrutiny, TikTok’s parent company, ByteDance has mulled setting up a headquarters outside of China. A recent Bloomberg report also said that ByteDance may be considering letting go of TikTok altogether or sell a majority stake to put an end to the growing concerns.

Editors' Recommendations

Shubham Agarwal
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
Clear Mode on TikTok: Here’s what it is and how to use it
The TikTok app on a smartphone's screen. The smartphone is sitting on a white table.

When it comes to its features, TikTok is most known for all the fun bells and whistles you can add to a video that you create for its short-form video-sharing platform.

But what about the app's video-watching features? Those might be lesser known to you (or just less noticeable) because they're part of a more passive way of experiencing TikTok. But despite how easily video-watching features can fly under the radar, there is one new TikTok feature, that's worth knowing about. It's called "Clear Mode."

Read more
TikTok is launching a dedicated gaming channel
Person's hand holding a smartphone with TikTok's logo on screen, all in front of a blurred background.

TikTok is moving further into the games industry by launching its own dedicated gaming channel.

According to a report from Financial Times, the channel will allow TikTok users to access games by pressing a tab on the ByteDance-owned social media platform's homepage. Four people familiar with the matter said that the channel will feature a variety of mobile games — some of which the company already developed — with ads and additional content that users can purchase.

Read more
Is TikTok leaking drafts? Let’s take a closer look at this rumor
The TikTok app on a smartphone's screen. The smartphone is sitting on a white table.

Not every social media post is ready for prime time. Sometimes you write a post or film a video and decide that it's better to not publish it. That's fine. That's what the Drafts folder is for. That folder is built to hold your works-in-progress, mistakes, and other too-goofy-for-public-consumption posts and videos. The Drafts folder is probably one that you take for granted, but what if that folder (via a particularly viral-prone social media platform) were to have its content leaked and published for the world to see? Scary, isn't it?

That's the fear that's behind a certain, now years-long TikTok rumor going around. But is it true? Is TikTok leaking its users' drafts? In this guide, we're taking a closer look at this rumor and fact-checking it.
The rumor
As far as we can tell, the whole "TikTok leaks drafts" rumor dates back to at least the summer of 2020. It's not a rumor that really made mainstream news headlines, but it did get some coverage with lesser-known websites, and it does have a tendency to resurface repeatedly. The last time it resurfaced was in August 2022. Here's what we know about it:

Read more