TikTok has been hacked!
Cybersecurity researchers on Monday uncovered a potential data breach at Chinese short-video app TikTok that reportedly affected as many as 2 billion user database records.
Several cybersecurity analysts tweeted that they found “an unsecured server compromised, allowing access to TikTok’s storage, which they believe contains user personal information.”
“Here’s your early warning. #TikTok has reportedly suffered a #databreach, and if true, there could be repercussions in the coming days. If you haven’t already, we recommend that you change your TikTok password and turn on two-factor authentication,” BeeHive Cyber Security tweeted.
“We examined samples of extracted data. We have sent alerts to our email subscribers and private customers,” it added.
Troy Hunt, creator of the data breach information site Have I Been Pwned, posted a thread on Twitter to verify whether the sample data was genuine. For him, the evidence is “so far inconclusive”.
BlueHornet|AgainstTheWest posted full details on a cracking forum.
“Who knew @TikTok would decide to store all of its internal backend source code on an Alibaba Cloud instance with an unusable password?” they tweeted about how easy it was for them to download the data.
The news report quoted a TikTok spokesman as saying that his security team “investigated this statement and determined that the code in question is not related to TikTok’s backend source code.”
The Microsoft 365 Defender research team just discovered a vulnerability in the TikTok app for Android that allows hackers to hijack the private short videos of millions of users once a user clicks on a malicious link.
Microsoft has discovered a high-severity vulnerability in the TikTok app for Android that could allow attackers to compromise user accounts with a single click.
The Chinese company has now fixed the vulnerability, which required multiple issues to be chained together to be exploited.
“If a targeted user simply clicked a specially crafted link, an attacker could exploit the vulnerability to hijack an account without the user’s knowledge,” the tech giant said in a statement last week.