Skip to main content
  1. Home
  2. Social Media
  3. News

TikTok vulnerability could have allowed hackers to take over users’ profiles

Shubham Agarwal
By

Israel-based security research firm Check Point says it found multiple severe loopholes within short-form video app, TikTok that could have potentially allowed hackers to take over users’ accounts, access their private data, and upload videos on their behalf. The vulnerability made it possible for intruders to masquerade as TikTok and send official text messages with malicious links.

The vulnerabilities have been patched since November when Check Point discovered them and warned TikTok through server-side changes as well as app updates. Therefore, if you haven’t updated TikTok in a while, head over to the app store and do so immediately.

“TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us. Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers,” said Luke Deshotels, a member of TikTok’s team of security researchers, in a statement.

Related

The bug originated from the download link request feature on TikTok’s website. But due to a programming oversight, hackers could tap into the company’s official SMS channel, and instead of the download link, forward users a malicious one. When someone clicked on it, they would unknowingly end up ceding access to a range of sensitive sections of their TikTok account. Once in, the hacker could upload videos, make private posts public, delete files, view personal information such as email addresses, and more.

That’s not all. Check Point was able to unearth another security loophole which could have let hackers gain access to TikTok’s database of millions of users by inserting a piece of malicious code inside the official website. The firm’s researchers, through this, managed to retrieve accounts’ private data including their names and birth dates.

TikTok claims it hasn’t found any affected users or instances of abuse yet.

In a little over two years, TikTok has rapidly accumulated over a billion users and downloads across the globe. However, the social network has come under lawmakers’ crosshairs in the United States primarily due to its Chinese roots. Privacy vulnerabilities such as this one could end up compounding those concerns further.

To combat the increased scrutiny, TikTok’s parent company, ByteDance has mulled setting up a headquarters outside of China. A recent Bloomberg report also said that ByteDance may be considering letting go of TikTok altogether or sell a majority stake to put an end to the growing concerns.

Editors' Recommendations

Twitter’s SMS two-factor authentication is having issues. Here’s how to switch methods
A person's hands holding a smartphone as they browse Twitter on it.
Clear Mode on TikTok: Here’s what it is and how to use it
The TikTok app on a smartphone's screen. The smartphone is sitting on a white table.
Having trouble accessing your Instagram account? You’re not alone
Instagram being used on an iPhone.
TikTok is launching a dedicated gaming channel
Person's hand holding a smartphone with TikTok's logo on screen, all in front of a blurred background.
Elon Musk reveals date for Twitter Blue relaunch
A stylized composite of the Twitter logo.
What is Twitter Blue and is it worth it?
Twitter Blue menu option on a white screen background which is on a black background.
Twitter closes offices as ‘work pledge’ deadline passes
A stylized composite of the Twitter logo.
What is Ambient Mode on YouTube?
The red and white YouTube logo on a phone screen. The phone is on a white background.
What is BeReal?
BeReal app notification on an Apple Watch.
How to delete a BeReal post
BeReal app showing a photo of some clothes.
How to use TikTok’s voice changer
A person's hand holding a phone with the TikTok app on it.
Twitter attempts to sort out verification system with new badges
A lot of white Twitter logos against a blue background.
Hive Social is my favorite Twitter alternative, but that’s not saying much
iPhone 14 Pro in hand showing off profile page on Hive Social app