TikTok, the most popular application of in 2019 likely leaked user data. Researchers at Check Point have found multiple security bugs in the app, which lets users post seconds-long videos. The security bugs, say researchers, put millions of Tik Tok users at risk.
“In the recent months, Check Point Research teams discovered multiple vulnerabilities within the TikTok application,” researchers at Check Point noted on the company’s website. “Check Point Research informed TikTok developers about the vulnerabilities exposed in this research and a solution was responsibly deployed to ensure its users can safely continue using the TikTok app.”
According to Check Point, the bugs let hackers get a hold of TikTok accounts and manipulate their content, delete videos, upload unauthorized videos, make private “hidden” videos public and reveal personal information saved on the account such as private email addresses.
The security bugs, according to researchers, could be exploited using vulnerabilities in the SMS system that Tik Tok uses to allow users to access their accounts through the Tik Tok website.
“During our research we found that it is possible to send a SMS message to any phone number on behalf of Tik Tok. On Tik Tok main site: www.tiktok.com, there is a functionality that lets users send an SMS message to themselves in order to download the application,” noted Check Point.
The security bugs were found in this mechanism. Using different functionality and bugs in this feature, a hacker could send a message to a Tik Tok account with a malicious link. Once a user clicked on this link, it would let hackers take control of the TikTok account.
It’s not clear how many TikTok users actually saw their account hacked into using this vulnerability but from what Check Point has revealed it seems that millions of TikTok users were at risk.
Tik Tok, compared to Facebook or Twitter, is managed by one of the most secretive technology companies in the world. Recently when New Yorker tried to profile the app and its business, it repeatedly ran into issues where no information was available, largely because the main office of Tik Tok was based in China.