What we know so far?
Cybersecurity experts purportedly found up to 2 billion user database records at risk in the Chinese short-form video app TikTok on Monday.
The discovery of what was described as “a breach of an unprotected server that permitted access to TikTok’s storage, which they suspect held personal user data” was tweeted about by a number of cyber-security analysts.
“This is a warning to you. If the reports of a data breach are accurate, there might be repercussions in the next several days for #TikTok. If you haven’t already, we advise you to update your TikTok password and enable two-factor authentication “BeeHive CyberSecurity tweeted.
Check if your email or phone is in a data breach
Troy Hunt, the founder of the data breach news website haveibeenpwned, created a thread on Twitter to check the veracity of the sample data. He believes that the evidence is “very inconclusive so far.”
All the information was uploaded on hacked forums by BlueHornet|AgaisntTheWest.
They tweeted about how simple it was to obtain the information and said, “Who would have imagined that @TikTok would opt to put all their internal backend source code on one Alibaba Cloud instance using a trashy password?”
The security team at TikTok
“investigated this statement and determined that the in question code is completely unrelated to TikTok’s backend source code,” a spokesperson for the company was quoted as saying in news reports.
The TikTok app for Android has a vulnerability that, if exploited it can be very serious said Microsoft 365 Defender Research Team. It may let hackers to take control of millions of users’ private, short-form movies after they clicked on a malicious link.
Does TikTok android app have a vulnerability?
In the TikTok Android app, Microsoft found a high-severity vulnerability that could have given attackers access to users’ accounts with just one click.
The Chinese corporation has since patched the vulnerability, which would have needed a sequence of problems to be exploited.
The internet giant claimed in a statement last week that if a targeted user had merely clicked a specially designed link, attackers could have used the weakness to hijack an account without users’ knowledge.