Security News > 2021 > January > TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks
A vulnerability in the popular TikTok short-form video-sharing platform could have allowed attackers to easily compile users' phone numbers, unique user IDs and other data ripe for phishing attacks.
In order to help users find friends through their contacts, TikTok contained a sync feature for contacts who had TikTok accounts.
If an attacker demonstrates to a phishing victim that they have their phone number or unique user ID associated with their TikTok account, the victim is more apt to believe them.
"The security and privacy of the TikTok community is our highest priority, and we appreciate the work of trusted partners like Check Point in identifying potential issues so that we can resolve them before they affect users," said a TikTok spokesperson in a statement.
Researchers said the most serious vulnerability in the platform could allow attackers to remotely take control over parts of victims' TikTok account, such as uploading or deleting videos, and changing settings on videos to make "Hidden" videos public.
Vanunu urged TikTok users to "Share the bare minimum when it comes to your personal data," and "Update your OS and applications to the latest versions."
News URL
https://threatpost.com/tiktok-flaw-phishing-attacks/163322/
Related news
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Samsung phone users under attack, Google warns (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)