Security News

TikTok's Chinese parent company ByteDance has agreed to pay $92 million in a settlement to U.S. users who are part of a class-action lawsuit alleging that the video-sharing app failed to get their consent to collect data in violation of a strict Illinois privacy law. The federal lawsuit alleged that TikTok broke the Illinois biometric privacy law, which allows suits against companies that harvest consumer data without consent, including via facial and fingerprint scanning.

An umbrella group comprising 44 consumer-privacy watchdog organizations have filed a complaint against TikTok, saying the wildly-popular video-sharing platform has "Misleading" data-collection policies. "TikTok does not clearly inform its users, especially children and teenagers, about what personal data is collected, for what purpose and for what legal reason," said the BEUC, in a report released Tuesday, along with the complaint.

President Joe Biden's administration has asked a US federal court to pause proceedings aimed at banning TikTok to allow for a fresh review of the national security threat from the popular Chinese-owned video app. The Trump administration move to ban downloads of TikTok and its presence on online networks had been stalled amid legal challenges.

Facebook told KrebsOnSecurity it seized hundreds of accounts - mainly on Instagram - that have been stolen from legitimate users through a variety of intimidation and harassment tactics, including hacking, coercion, extortion, sextortion, SIM swapping, and swatting. THE MIDDLEMEN. Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales.

Cybersecurity researchers on Tuesday disclosed a now-patched security flaw in TikTok that could have potentially enabled an attacker to build a database of the app's users and their associated phone numbers for future malicious activity. Although this flaw only impacts those users who have linked a phone number with their account or logged in with a phone number, a successful exploitation of the vulnerability could have resulted in data leakage and privacy violation, Check Point Research said in an analysis shared with The Hacker News.

A vulnerability in the popular TikTok short-form video-sharing platform could have allowed attackers to easily compile users' phone numbers, unique user IDs and other data ripe for phishing attacks. In order to help users find friends through their contacts, TikTok contained a sync feature for contacts who had TikTok accounts.

ByteDance, the tech firm behind TikTok, has addressed a security vulnerability in the video-sharing social networking service which could have allowed attackers to steal users' private personal information. The security vulnerability found by Check Point researchers in TikTok's 'Find Friends' allowed attackers to bypass the platform's privacy protections enabling them to gain access to users' private personal information including but not limited to phone numbers and user IDs.

The ongoing controversies surrounding TikTok hit a new gear on Thursday with a bombshell report accusing the Chinese company of spying on millions of Android users using a technique banned by Google. The Wall Street Journal said TikTok was exploiting a loophole to collect MAC addresses for at least 15 months.

TikTok has decided to boost privacy measures for its underage users, the popular video-sharing social-media company announced. TikTok's popularity is being driven by teens - the company reported in 2019 about 60 percent of its 26.5 monthly users are between the ages of 16 and 24, and these latest measures are an attempt to make the platform safer for its youngest users, according to the company.

The US Treasury on Wednesday said it had extended by seven days the November 27 deadline given to the Chinese owner of TikTok to sell the popular social media platform's American business. Trump, who lost his bid for re-election this month, has claimed that TikTok - which has some 100 million US users - can be used to collect data on Americans for Chinese espionage, a claim denied by the company.