Security News

TikTok Pays Out $11,000 Bounty for High-Impact Exploit
2021-03-22 12:49

A researcher has earned over $11,000 from TikTok after disclosing a series of vulnerabilities that could have been chained for a high-impact 1-click exploit. As for what an attacker could have done with this exploit, the researcher said "Anything TikTok can do on your device, the exploit can do."

Using TikTok? Check out these six security tips
2021-03-04 21:26

Security concerns largely center on the fact that TikTok is a Chinese company. If you decide to use TikTok - and the same goes for all social media platforms - be careful with what you share, and don't assume any inherent data security or privacy.

TikTok owner ByteDance to pay $92M in US privacy Settlement
2021-02-26 11:44

TikTok's Chinese parent company ByteDance has agreed to pay $92 million in a settlement to U.S. users who are part of a class-action lawsuit alleging that the video-sharing app failed to get their consent to collect data in violation of a strict Illinois privacy law. The federal lawsuit alleged that TikTok broke the Illinois biometric privacy law, which allows suits against companies that harvest consumer data without consent, including via facial and fingerprint scanning.

Complaint Blasts TikTok’s ‘Misleading’ Privacy Policies
2021-02-16 22:00

An umbrella group comprising 44 consumer-privacy watchdog organizations have filed a complaint against TikTok, saying the wildly-popular video-sharing platform has "Misleading" data-collection policies. "TikTok does not clearly inform its users, especially children and teenagers, about what personal data is collected, for what purpose and for what legal reason," said the BEUC, in a report released Tuesday, along with the complaint.

Biden Team Asks Court to Pause Move to Ban TikTok in US
2021-02-11 14:16

President Joe Biden's administration has asked a US federal court to pause proceedings aimed at banning TikTok to allow for a fresh review of the national security threat from the popular Chinese-owned video app. The Trump administration move to ban downloads of TikTok and its presence on online networks had been stalled amid legal challenges.

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts
2021-02-04 18:02

Facebook told KrebsOnSecurity it seized hundreds of accounts - mainly on Instagram - that have been stolen from legitimate users through a variety of intimidation and harassment tactics, including hacking, coercion, extortion, sextortion, SIM swapping, and swatting. THE MIDDLEMEN. Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales.

TikTok Bug Could Have Exposed Users' Profile Data and Phone Numbers
2021-01-26 20:36

Cybersecurity researchers on Tuesday disclosed a now-patched security flaw in TikTok that could have potentially enabled an attacker to build a database of the app's users and their associated phone numbers for future malicious activity. Although this flaw only impacts those users who have linked a phone number with their account or logged in with a phone number, a successful exploitation of the vulnerability could have resulted in data leakage and privacy violation, Check Point Research said in an analysis shared with The Hacker News.

TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks
2021-01-26 11:00

A vulnerability in the popular TikTok short-form video-sharing platform could have allowed attackers to easily compile users' phone numbers, unique user IDs and other data ripe for phishing attacks. In order to help users find friends through their contacts, TikTok contained a sync feature for contacts who had TikTok accounts.

TikTok fixes flaws allowing theft of private user information
2021-01-26 11:00

ByteDance, the tech firm behind TikTok, has addressed a security vulnerability in the video-sharing social networking service which could have allowed attackers to steal users' private personal information. The security vulnerability found by Check Point researchers in TikTok's 'Find Friends' allowed attackers to bypass the platform's privacy protections enabling them to gain access to users' private personal information including but not limited to phone numbers and user IDs.

Report: TikTok Harvested MAC Addresses By Exploiting Android Loophole
2021-01-14 16:21

The ongoing controversies surrounding TikTok hit a new gear on Thursday with a bombshell report accusing the Chinese company of spying on millions of Android users using a technique banned by Google. The Wall Street Journal said TikTok was exploiting a loophole to collect MAC addresses for at least 15 months.