From CNET: A vulnerability identified in the popular video-sharing app TikTok exposed users to having personal information scraped from their profile, including their phone number and profile settings, security researchers at cybersecurity firm Check Point said Tuesday. That information could have been used to manipulate users' account details and build a database of TikTok users for malicious activity, researchers said.
The flaw in the app's Find Friends feature also exposed users' nicknames, profile and avatar pictures, and unique user IDs, Check Point said. There's no evidence that the vulnerability was ever exploited, and the flaw has reportedly been patched.
"An attacker with that degree of sensitive information could perform a range of malicious activities, such as spear phishing or other criminal actions," Check Point spokesperson Ekram Ahmed said in a statement. "Our message to TikTok users is to share the bare minimum when it comes to your personal data."
TikTok called security and privacy in its community its highest priority and thanked Check Point for bringing the vulnerability to its attention.
View: Full Article