
TikTok fixed a flaw that could have exposed user accounts

The company says that no sensitive information was leaked.
Image credit: Dado Ruvic / Reuters

TikTok has been the subject of national security concerns for some time, and now things are set to get a little more uncomfortable for the company. According to cybersecurity company Check Point, the popular app had serious vulnerabilities that could have allowed hackers to obtain personal information and manipulate user data.

The vulnerability could have resulted in TikTok users being sent messages containing malicious links. If a user clicked one of these links, attackers could take control of the account. Check Point also discovered a separate flaw, which allowed researchers to obtain personal information via TikTok's website.

Check Point made TikTok aware of these vulnerabilities on November 20th last year, and by December 15th they had been fixed. TikTok said in a statement that it didn't appear that the flaws were exploited in any way:

"TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero day vulnerabilities to us. Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers," said Luke Deshotels, PhD, TikTok Security Team. "Following a review of customer support records, we can confirm that we have not seen any patterns that would indicate an attack or breach occurred."

As TikTok's popularity has exploded -- the app has been downloaded some 1.5 billion times worldwide -- so has scrutiny over its parent company, ByteDance. A start-up success story, the Chinese company has links to the Chinese government that have led to concerns over global national security. ByteDance was at the center of a major security review back in November (ironically, just as these flaws were being discovered), while last week the US military opted to ban the app altogether.
