Cybersecurity researchers on Monday discovered a potential data breach in Chinese short-form video app TikTok that reportedly includes up to 2 billion user database records.
Several cybersecurity analysts tweeted about the discovery of what was a “breach of an unsecured server that allowed access to TikTok storage believed to contain personal user data.”
“This is your warning. #TikTok has reportedly suffered a #data #breach and if true there may be fallout in the coming days. We recommend that you change your #TikTok password and enable two-factor authentication if you haven’t already done so,” tweeted BeeHive CyberSecurity.
“We have reviewed a sample of the extracted data. We have already sent out warning messages to our email subscribers and private clients,” it added.
Troy Hunt, creator of the data breach website haveibeenpwned, posted a thread on Twitter to verify whether the sample data was genuine or not. For him, the evidence is “so far quite inconclusive”.
BlueHornet|AgainstTheWest posted all the details on hacking forums.
“Who would have thought that @TikTok would decide to store all of their internal backend source code on a single Alibaba Cloud instance using a nonsensical password?” they tweeted and wrote about how easily they could download the data.
A TikTok spokesperson told the press that the company's security team “investigated this statement and found that the code in question is completely unrelated to TikTok’s backend source code.”
Separately, the Microsoft 365 Defender research team has just discovered a vulnerability in the TikTok app for Android that could allow hackers to take over the private short videos of millions of users once those users click on a malicious link.
Microsoft has discovered a very serious vulnerability in the TikTok app for Android that could allow attackers to compromise users’ accounts with a single click.
The vulnerability, which would have required the combination of several issues to exploit, has now been patched by the Chinese company.
“Attackers could use the vulnerability to hijack an account without users’ knowledge if the target user simply clicked on a specially crafted link,” the tech giant said in a statement last week.