As reported by Bloomberg, on Monday, several cybersecurity analysts tweeted about the discovery of what was purportedly a breach of an insecure server that allowed access to TikTok’s storage, which they believe contained personal user data. Only days earlier, Microsoft Corp. said it had found a “high-severity vulnerability” in TikTok’s Android application, “which would have allowed attackers to compromise users’ accounts with a single click.”
TikTok said the claims of a breach discovered over the weekend were incorrect. “Our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code,” a spokesperson said. The vulnerability identified by Microsoft is an issue that could have affected mobile phones running Android. It may have allowed attackers to access and modify “TikTok profiles and sensitive information, such as by publicizing private videos, sending messages and uploading videos on behalf of users,” wrote Dimitrios Valsamaras from the Microsoft 365 Defender Research Team.
There has long been much scrutiny over the way TikTok handles its own security and the way it looks after the privacy of its users, which naturally attracts attention from criminal groups as well as nation-state actors. Although this data could purely be widely public data which has been scraped openly from the site, it still highlights the fact that the biggest social media platform in the world attracts criminal hackers and they will continue to be relentless and look for any vulnerability if it’s there. Whether this turns out to be truly private data causing every account to be potentially vulnerable or just open information from the site, users must make sure they have security alerts activated within the app and two-factor authentication turned on, as well as ensuring that their password used on the account is unique to any other account.