Just on the day we learn that the phone numbers of more than 500 million Facebook users have been exposed and are for sale on a Telegram bot, another security vulnerability is now known in another social network that implies that the personal data of the users is also exposed.
TikTok has appreciated that the error was reported and has already solved it
In this case, it is a security flaw that has been discovered in the short video app TikTok, in its “Find friends” functionality, and that according to the security firm Check Point would allow a user with the necessary knowledge, to carry out the scrapping – that is, the massive obtaining of information – of public data such as the username and URL of the profile, the photograph or profile avatar … but also other more sensitive information such as phone number and account settings.
As indicated by the security firm, this information could have been used to manipulate user accounts or to create a database with user information to sell to third parties or with malicious intent, although it has not been possible to confirm whether this has it been so or not.
TikTok would have already resolved the security flaw, but the data could have already been collected for malicious purposes. According to Check Point alert, the data could be used to deceive users with phishing techniques and take over their bank details, for example. “Our recommendation to TikTok users is to provide as little personal data as possible,” says Ekram Ahmed, a spokesman for the security firm.
The Chinese social network, for its part, thanked the security firm’s researchers for reporting the error. It is not the first time that TikTok has been involved in controversies of this type that concern the safety of users. This same month, another vulnerability was found that allowed users to send messages with malicious links even if they were not contacts on the platform.