One of the most popular social media sites has potentially allowed user data to fall into the wrong hands. With over 800 million active users worldwide, that leaves a lot of data open for an incoming cyber attack.
The vulnerability occurred via the “Find Friends” feature of the video-sharing app. TikTok’s sync feature, which synced contacts who also had accounts, meant that a user’s profile details could be linked to phone numbers. Since the app doesn’t require a phone number association, users without a number attached to their account would not have been affected by the security flaw.
In theory, a malicious actor could bypass TikTok’s signing service, mass-sync contacts to a database, and gain access to other sensitive information linked to that particular account. This includes information like email addresses, user IDs, account nicknames, and so on.
The leverage a hacker gains from this type of data breach is immense. They could send a user phishing emails containing that user’s login details and demand a ransom for that information. A bad actor could also utilize other social engineering tactics to get into a person’s email account.
Criticism of privacy policies isn’t new for the social media giant, as flaws allowing account takeovers have been known since last year. In an account takeover scenario, an attacker could upload, delete or change settings on videos from a user’s account.
While the vulnerability was patched before it was publicly announced, there’s no telling who had access to this information and for how long. Maintaining cybersecurity best practices isn’t something to put off until tomorrow. The online world we live in is ever-changing, and threats are ever-present.