TikTok security breach allowed attackers to leak personal information

The research group of cyber company Imperva uncovers a vulnerability that could allow attackers to monitor users' activity on both mobile and desktop devices

A TikTok security breach allowed potential attackers to leak information about any user on the platform if they opened a link, Israeli cybersecurity company Imperva revealed on Wednesday.
According to the company’s research group, this vulnerability, which has now been fixed, was caused by a window message event handler that does not properly validate the message origin, providing attackers access to sensitive user information. The information included details of the device, details of the user, viewing history, search, viewing time, and more.
The security breach was discovered in the TikTok system that tracks user data. The weakness was caused by a lack of authentication both in receiving and sending internal messages in the system. After the security weakness was revealed, the company was contacted and after a short time the problem was fully resolved.
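The report describes a window message event handler that did not validate the message origin, with no authentication on either receiving or sending. The following is an added example, not code from TikTok or Imperva: it contrasts a handler of that kind with one that checks `event.origin` against an exact allowlist and pins the reply's target origin. The origins, message type and data fields are assumptions made for illustration.

```javascript
// Added illustration; names, origins and message shape are assumptions, not TikTok's code.
const TRUSTED_ORIGINS = new Set(["https://app.example.com"]); // hypothetical allowlist

// Constructed stand-in for the data a tracking component might hold.
const trackingState = { deviceId: "dev-123", watchHistory: ["video-1", "video-2"] };

// Weak form: answers any window that asks, and replies with targetOrigin "*".
function insecureHandler(event) {
  if (event.data && event.data.type === "getTrackingState") {
    event.source.postMessage({ type: "trackingState", payload: trackingState }, "*");
    return true;
  }
  return false;
}

// Hardened form: exact-match origin check on receive, explicit targetOrigin on send.
function secureHandler(event) {
  // Exact comparison against an allowlist; substring or prefix tests
  // (indexOf, startsWith) are defeated by look-alike hosts.
  if (!TRUSTED_ORIGINS.has(event.origin)) return false;
  const msg = event.data;
  if (typeof msg !== "object" || msg === null || msg.type !== "getTrackingState") return false;
  // Pin the reply to the verified origin so a window that has since navigated cannot read it.
  event.source.postMessage({ type: "trackingState", payload: trackingState }, event.origin);
  return true;
}

// Constructed MessageEvent-like object so the handlers can be exercised outside a browser.
function fakeEvent(origin, data) {
  const sent = [];
  return { origin, data, sent, source: { postMessage: (m, target) => sent.push({ m, target }) } };
}

// Sends the same request from a trusted origin and a look-alike origin to both handlers.
function demo() {
  const results = {};
  for (const origin of ["https://app.example.com", "https://app.example.com.evil.test"]) {
    const weak = fakeEvent(origin, { type: "getTrackingState" });
    const hard = fakeEvent(origin, { type: "getTrackingState" });
    insecureHandler(weak);
    secureHandler(hard);
    results[origin] = { weakReplies: weak.sent.length, hardReplies: hard.sent.length };
  }
  return results;
}

// In a browser: window.addEventListener("message", secureHandler);
console.log(demo());
```
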
“This weakness is an excellent example of how privacy and security in social networks largely depend on the companies that provide the service,” said Nadav Avital, Director of threat research at Imperva.
“Unsafe use of a function that depends on external input leaked personal information that could have been used by hackers for further attacks such as phishing, blackmail, or alternatively for attacks on devices of high-profile users. We appreciate the fact that TikTok worked very seriously to fix the weakness.”