TikTok, the Bytedance-owned video-first social media platform, was seen to carry a vulnerability in its app that could have allowed hackers to steal user data, or tamper with their accounts and content. Discovered by cybersecurity firm Check Point Research, multiple vulnerabilities were reported in the TikTok app. As part of these flaws, any person with malicious intent could have sent spoof messages to TikTok account holders, disguised as official communication and containing a link that redirected users to a page that resembled TikTok's official page.
Once users clicked on the URL, hackers could have gained access to certain parts of the respective TikTok accounts, and used it to upload any video to their account, delete videos, or change privacy settings of any video from public to private. The vulnerabilities were reported to Bytedance by Check Point back in November 2019, following which the company has patched the issues.
In a statement shared by TikTok with The Verge, Luke Deshotels, a member of TikTok's cybersecurity team, said, "TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero day vulnerabilities to us. Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers."
The move comes at a time when Bytedance is facing increasing scrutiny behind practices on its platform, because of which the company has been taking actions such as increasing its risk analysis team for TikTok in international markets such as USA, Singapore and Ireland. The Chinese social media platform has seen massive expansion, buoyed by its entry to India. With the platform generating a massive amount of data thanks to its rapid growth, TikTok will possibly face further scrutiny, as well as attract interest of hackers and data miners looking to profit off private user information.