Security News

Facebook told KrebsOnSecurity it seized hundreds of accounts - mainly on Instagram - that have been stolen from legitimate users through a variety of intimidation and harassment tactics, including hacking, coercion, extortion, sextortion, SIM swapping, and swatting. Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales.

Cybersecurity researchers on Tuesday disclosed a now-patched security flaw in TikTok that could have potentially enabled an attacker to build a database of the app's users and their associated phone numbers for future malicious activity. Although this flaw only impacts those users who have linked a phone number with their account or logged in with a phone number, a successful exploitation of the vulnerability could have resulted in data leakage and privacy violation, Check Point Research said in an analysis shared with The Hacker News.

A vulnerability in the popular TikTok short-form video-sharing platform could have allowed attackers to easily compile users' phone numbers, unique user IDs and other data ripe for phishing attacks. In order to help users find friends through their contacts, TikTok contained a sync feature for contacts who had TikTok accounts.

ByteDance, the tech firm behind TikTok, has addressed a security vulnerability in the video-sharing social networking service which could have allowed attackers to steal users' private personal information. The security vulnerability found by Check Point researchers in TikTok's 'Find Friends' allowed attackers to bypass the platform's privacy protections enabling them to gain access to users' private personal information including but not limited to phone numbers and user IDs.

The ongoing controversies surrounding TikTok hit a new gear on Thursday with a bombshell report accusing the Chinese company of spying on millions of Android users using a technique banned by Google. The Wall Street Journal said TikTok was exploiting a loophole to collect MAC addresses for at least 15 months.

TikTok has decided to boost privacy measures for its underage users, the popular video-sharing social-media company announced. TikTok's popularity is being driven by teens - the company reported in 2019 about 60 percent of its 26.5 monthly users are between the ages of 16 and 24, and these latest measures are an attempt to make the platform safer for its youngest users, according to the company.

The US Treasury on Wednesday said it had extended by seven days the November 27 deadline given to the Chinese owner of TikTok to sell the popular social media platform's American business. Trump, who lost his bid for re-election this month, has claimed that TikTok - which has some 100 million US users - can be used to collect data on Americans for Chinese espionage, a claim denied by the company.

A researcher has earned nearly $4,000 from TikTok after discovering a couple of vulnerabilities that could have been chained to hijack accounts. Muhammed Taskiran, a 20-year-old researcher based in Germany, informed TikTok in late August that a URL parameter on tiktok.com was "reflecting its value without being properly sanitized."

TikTok has addressed two vulnerabilities that, when chained together, could have allowed attackers to take over the accounts of users who signed up via third-party apps with a single click. German bug bounty hunter Muhammed Taskiran discovered a reflected cross-site scripting security bug - also known as a non-persistent XSS - in a TikTok URL parameter reflecting its value without proper sanitization.

Instagram and TikTok social-media influencers Kelly Fitzpatrick and Sabrina Kelly-Krejci are among 13 defendants in a lawsuit filed by Amazon, which alleges that they participated in an online scam to sell counterfeit luxury goods. Counterfeit goods are strictly forbidden in the Amazon marketplace, but generic products - often called "dupes" - are allowed.