Security News

The ByteDance-owned platform, which currently stores European user data in the U.S. and Singapore, said the revision is part of its ongoing data governance efforts to limit employee access to users in the region, minimize data flows outside of it, and store the information locally. "Based on a demonstrated need to do their job, subject to a series of robust security controls and approval protocols, and by way of methods that are recognised under the GDPR, we allow certain employees within our corporate group located in Brazil, Canada, China, Israel, Japan, Malaysia, Philippines, Singapore, South Korea, and the U.S. remote access to TikTok European user data," the company said.
![S3 Ep99: TikTok “attack” – was there a data breach, or not? [Audio + Text]](/static/build/img/news/s3-ep99-tiktok-attack-was-there-a-data-breach-or-not-audio-text-small.jpg)
DUCK. I'm doing very, very well, thank you, Douglas! A messy thing that is bugging people is the question of this TikTok thing.

The denial follows alleged reports of a hack that surfaced on the Breach Forums message board on September 3, with the threat actor noting that the server holds 2.05 billion records in a humongous 790GB database. "Who would have thought that TikTok would decide to store all their internal backend source code on one Alibaba Cloud instance using a trashy password?," the hacking group known as BlueHornet tweeted over the weekend.

TikTok denies recent claims it was breached, and source code and user data were stolen, telling BleepingComputer that data posted to a hacking forum is "Completely unrelated" to the company. The user shared screenshots of an alleged database belonging to the companies, which they say was accessed on an Alibaba cloud instance containing data for both TikTok and WeChat users.

TikTok denies recent claims it was breached, and source code and user data were stolen, telling BleepingComputer that data posted to a hacking forum is "Completely unrelated" to the company. The user shared screenshots of an alleged database belonging to the companies, which they say was accessed on an Alibaba cloud instance containing data for both TikTok and WeChat users.

"Attackers could have leveraged the vulnerability to hijack an account without users' awareness if a targeted user simply clicked a specially crafted link," Dimitrios Valsamaras of the Microsoft 365 Defender Research Team said in a write-up. Successful exploitation of the flaw could have permitted malicious actors to access and modify users' TikTok profiles and sensitive information, leading to the unauthorized exposure of private videos.

Microsoft found and reported a high severity flaw in the TikTok Android app in February that allowed attackers to "Quickly and quietly" take over accounts with one click by tricking targets into clicking a specially crafted malicious link."Attackers could have leveraged the vulnerability to hijack an account without users' awareness if a targeted user simply clicked a specially crafted link," Microsoft 365 Defender Research Team's Dimitrios Valsamaras said.

TikTok has joined Twitter in publishing new US midterm misinformation rules, with considerable crossover in scope and style. Eric Han, TikTok's head of US safety, shared in a blog post that the social video platform is taking a variety of steps to provide access to authoritative information and counter election misinformation.

The UK's Parliament has ended its presence on TikTok after MPs pointed out the made-in-China social media service probably sends data about its users back to Beijing. The existence of the account saw half a dozen MPs write to the presiding officers of the Houses of Lords and Commons - Lord McFall of Alcluith and Sir Lindsay Hoyle, respectively - to ask for the account to be discontinued.

TikTok's Global Chief Security Officer Roland Cloutier has "Transitioned" from his job into "a strategic advisory role focusing on the business impact of security and trust programs." Cloutier's change was revealed in a Saturday organizational update that starts with Cloutier himself signing off from the job on grounds that TikTok has "Made significant progress in delivering on the promises we've made to our global community, business partners, and governments around the world."