A TikTok vulnerability gave access to users’ private data, including phone number

As confirmed by security analysts, the TikTok video platform suffered a serious vulnerability that gave access to a good amount of private user data. Unique IDs, user names, avatars and even the phone number, the information was accessible after a very specific access process. The error is now fixed.

TikTok is one of the social networks that has experienced the greatest growth in recent times: it is expected that by the end of 2021 the platform reach 1.2 billion unique users. This significant volume of use has another drawback: the attention of those who seek access to private data. We recently learned that TikTok offered a gateway to some of that data.

A failure in the search for friends opened the door to user data

The vulnerability detected in the platform was corrected, so there would no longer be a risk that attackers could use it. There is no evidence that it will be used massively to obtain user data, at least This is what Check Point ensures, firm that made the discovery.

Check Point used the user registration service to take advantage of the cookies used by TikTok in authentication through HTTP message. Check Point was able to automate the process, managing to scale the upload and synchronization of contacts; until obtaining user data that is associated with said contacts, such as name, ID, avatar and phone number. Of course, the phone number is only associated with the account if the user decides to share this data with TikTok (it is essential to search for other contacts on the social network).

TikTok has already fixed the vulnerability. However, it is best not to share data as private as the phone number with the platform.

Via | Cnet

More information | Check Point

–
The news

A TikTok vulnerability gave access to users’ private data, including phone number

was originally published in

Xataka Android

by
Ivan Linares

.