Security News > 2021 > January > TikTok fixes flaws allowing theft of private user information
ByteDance, the tech firm behind TikTok, has addressed a security vulnerability in the video-sharing social networking service which could have allowed attackers to steal users' private personal information.
The security vulnerability found by Check Point researchers in TikTok's 'Find Friends' allowed attackers to bypass the platform's privacy protections enabling them to gain access to users' private personal information including but not limited to phone numbers and user IDs.
The user information exfiltrated and collected in attacks that would have exploited this TikTok vulnerability could later be used for launching spearphishing attacks and for other types of malicious activity.
In-depth information on how the vulnerability could be exploited to steal TikTok users' private info is available in Check Point's report shared with BleepingComputer in advance.
In January 2020, TikTok addressed another batch of security vulnerabilities in its infrastructure disclosed by Check Point researchers in late November 2019 and allowing attackers to hijack accounts, manipulate users' videos, and steal their info.
In April 2020, TikTok has launched a private bug bounty program and a HackerOne Bug Bounty Program in October 2020 encouraging security researchers to responsibly disclose any security bugs they find in TikTok's mobile and web apps.