As reported by Bloomberg, on Monday, several cybersecurity analysts tweeted about the discovery of what was purportedly a breach of an insecure server that allowed access to TikTok’s storage, which they believe contained personal user data. Only days earlier, Microsoft Corp. said it had found a “high-severity vulnerability” in TikTok’s Android application, “which would have allowed attackers to compromise users’ accounts with a single click.”
TikTok said the claims of a breach discovered over the weekend were incorrect. “Our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code,” a spokesperson said. The vulnerability identified by Microsoft is an issue that could have affected mobile phones running Android. It may have allowed attackers to access and modify “TikTok profiles and sensitive information, such as by publicizing private videos, sending messages and uploading videos on behalf of users,” wrote Dimitrios Valsamaras from the Microsoft 365 Defender Research Team.