Popular short video app TikTok is facing scrutiny following claims of a massive data breach that allegedly exposed the data of over 2 billion users.
“This is your forewarning. TikTok has reportedly suffered a data breach, and if true there may be fallout from it in the coming days. We recommend you change your TikTok password and enable Two-Factor Authentication, if you have not done so already,” BeeHive CyberSecurity wrote in a tweet yesterday.
A company spokesperson denied the claims that have been shared by various analysts, saying: “Our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code.”
Australian web security consultant Troy Hunt examined some of the leaked user data, which first appeared on a data breach marketplace platform, to verify whether the alleged breach is real. While he found matches, he said this could be because the files include publicly available data.
“This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info. Some data is junk, but it could be non-production or test data. It’s a bit of a mixed bag so far,” Hunt wrote in a tweet thread.
Meanwhile, Microsoft’s 365 Defender Research Team recently shared a blog post announcing that it had found “a high-severity vulnerability in the TikTok Android application, which could have allowed attackers to compromise users’ accounts with a single click.”
The vulnerability, which has been fixed, could have enabled attackers to access and change user profiles and private information by making users’ private videos public, sending messages to other users and posting TikTok videos, Microsoft’s security team said.
According to a TikTok spokesperson, the company responded immediately to Microsoft’s discovery and fixed the vulnerability, which was found in some earlier versions of TikTok’s Android app.
TikTok, which was first launched globally in 2017 and surpassed 1 billion monthly active users last year, has long been facing scrutiny for its data sharing and protection practices.
In August 2020, former US President Donald Trump signed an executive order to ban transactions with ByteDance and Tencent, the owners of TikTok and WeChat. While the ban was blocked by a US judge before it took effect, the Biden administration is now planning to impose restrictions on US transactions with Chinese companies and to take separate action against TikTok, as reported by Bloomberg.
In late June, FCC commissioner Brendan Carr called on Google and Apple to remove TikTok from their app stores because of its “pattern of surreptitious data practices.”