Security News > 2021 > January > TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks

TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks
2021-01-26 11:00

A vulnerability in the popular TikTok short-form video-sharing platform could have allowed attackers to easily compile users' phone numbers, unique user IDs and other data ripe for phishing attacks.

In order to help users find friends through their contacts, TikTok contained a sync feature for contacts who had TikTok accounts.

If an attacker demonstrates to a phishing victim that they have their phone number or unique user ID associated with their TikTok account, the victim is more apt to believe them.

"The security and privacy of the TikTok community is our highest priority, and we appreciate the work of trusted partners like Check Point in identifying potential issues so that we can resolve them before they affect users," said a TikTok spokesperson in a statement.

Researchers said the most serious vulnerability in the platform could allow attackers to remotely take control over parts of victims' TikTok account, such as uploading or deleting videos, and changing settings on videos to make "Hidden" videos public.

Vanunu urged TikTok users to "Share the bare minimum when it comes to your personal data," and "Update your OS and applications to the latest versions."


News URL

https://threatpost.com/tiktok-flaw-phishing-attacks/163322/