Security News > 2021 > January > TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks
A vulnerability in the popular TikTok short-form video-sharing platform could have allowed attackers to easily compile users' phone numbers, unique user IDs and other data ripe for phishing attacks.
In order to help users find friends through their contacts, TikTok contained a sync feature for contacts who had TikTok accounts.
If an attacker demonstrates to a phishing victim that they have their phone number or unique user ID associated with their TikTok account, the victim is more apt to believe them.
"The security and privacy of the TikTok community is our highest priority, and we appreciate the work of trusted partners like Check Point in identifying potential issues so that we can resolve them before they affect users," said a TikTok spokesperson in a statement.
Researchers said the most serious vulnerability in the platform could allow attackers to remotely take control over parts of victims' TikTok account, such as uploading or deleting videos, and changing settings on videos to make "Hidden" videos public.
Vanunu urged TikTok users to "Share the bare minimum when it comes to your personal data," and "Update your OS and applications to the latest versions."
News URL
https://threatpost.com/tiktok-flaw-phishing-attacks/163322/
Related news
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Phone Phishing Gang Busted: Eight Arrested in Belgium and Netherlands (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)