 "TikTok hacked, over 2 bn user database records stolen: Security researchers")
Cyber-security researchers on Monday discovered a potential data breach in Chinese short-form video app TikTok, allegedly involving up to 2 billion user database records.
Several cyber-security analysts tweeted about the discovery of what was "a breach of an insecure server that allowed access to TikTok's storage, which they believe contained personal user data".
"This is your forewarning. #TikTok has reportedly suffered a #data #breach, and if true there may be fallout from it in the coming days. We recommend you change your TikTok #password and enable Two-Factor Authentication, if you have not done so already," tweeted BeeHive CyberSecurity.
"We've reviewed a sample of the extracted data. To our email subscribers and private clients, we've already sent out warning communications," it added.
Troy Hunt, creator of data breach information site haveibeenpwned, posted a thread on Twitter to verify if the sample data is genuine or not. For him, the evidence is "so far pretty inconclusive".
BlueHornet|AgaisntTheWest posted all the details on breached forums.
"Who would have thought that @TikTok would decide to store all their internal backend source code on one Alibaba Cloud instance using a trashy password?" they tweeted, posting about how easily they could download the data.
A TikTok spokesperson was quoted as saying in news reports that their security team "investigated this statement and determined that the code in question is completely unrelated to TikTok's backend source code".
Microsoft 365 Defender Research Team just discovered a vulnerability in the TikTok app for Android that can let hackers take over private, short-form videos of millions of users once they clicked on a malicious link.
Microsoft discovered a high-severity vulnerability in the TikTok Android application, which could have allowed attackers to compromise users' accounts with a single click.
The vulnerability, which would have required several issues to be chained together to exploit, has now been fixed by the Chinese company.
"Attackers could have leveraged the vulnerability to hijack an account without users' awareness if a targeted user simply clicked a specially crafted link," the tech giant said in a statement last week.
--IANS
na/vd
(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
Great minds don’t just skim the surface, they uncover the full story.
You’ve hit your limit of {{free_limit}} free articles this month, subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
and get complimentary access to
Quarterly
₹900
₹/month
Essential
₹2700
₹/month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Access to Exclusive Premium Stories Online
Unlimited access to all articles
30+ premium stories daily, handpicked by our editor
Complimentary Access to The New York Times
News, Games, Cooking, Audio
Wirecutter & The Athletic
Complimentary Access to Our e-Paper
Digital replica of our daily newspaper
Read, save, share any article
Curated Newsletters on Diverse Topics
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Smart Investment Tips
In-depth stock analysis & insights
The Smart Investor for wealth growth tips
Access to Extensive Historical Archives
Repository of articles and publications dating back to 1997
Ad-free Reading Experience
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Repository of articles and publications dating back to 1997