
Image credit: Dado Ruvic / Reuters

TikTok fixed a flaw that could have exposed user accounts

The company says that no sensitive information was leaked.


TikTok has been the subject of national security concerns for some time, and now things are set to get a little more uncomfortable for the company. According to cybersecurity company Check Point, the popular app had serious vulnerabilities that could have allowed hackers to obtain personal information and manipulate user data.

The vulnerability could have resulted in TikTok users being sent messages containing malicious links. If a link was clicked, attackers could take control of user accounts. Check Point also discovered a separate flaw, which allowed researchers to obtain personal information via TikTok's website.

Check Point made TikTok aware of these vulnerabilities on November 20th last year, and by December 15th they had been fixed. TikTok said in a statement that it didn't appear that the flaws were exploited in any way:

"TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero day vulnerabilities to us. Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers," said Luke Deshotels, PhD, TikTok Security Team. "Following a review of customer support records, we can confirm that we have not seen any patterns that would indicate an attack or breach occurred."

As TikTok's popularity has exploded -- the app has been downloaded some 1.5 billion times worldwide -- so has scrutiny over its parent company, ByteDance. A start-up success story, the Chinese company has links to the Chinese government that have led to concerns over global national security. ByteDance was at the center of a major security review back in November (ironically, just as these flaws were being discovered), while last week the US military opted to ban the app altogether.
