Social media sensation TikTok gained immense popularity last year. The music video app hit 1.5 billion downloads near the end of 2019, beating both Facebook and Instagram to become the most downloaded non-gaming app of 2019.
However, the app has come under a lot of scrutiny lately, and it’s for all the right reasons. Cybersecurity firm Check Point has recently discovered serious vulnerabilities in TikTok that let hackers access a user’s profile and their videos.
One vulnerability allowed hackers to send text messages disguised as legitimate texts from TikTok itself. The malicious messages contained a link which, once clicked, would give hackers access to the user’s account and private videos.
A separate vulnerability would redirect a hacked user to a malicious website that looked like TikTok’s homepage, leaving the user’s account open to cross-site scripting and other types of attacks.
Check Point informed TikTok about the security flaw as soon as it was discovered, and the vulnerability has since been patched.
Luke Deshotels, the head of TikTok’s security team, commented:
TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero-day vulnerabilities to us. Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers.