Daily Management Review

User data collection vulnerability is found in TikTok


A vulnerability has been found in TikTok's Find Friends feature that could allow attackers to collect users' personal data: phone number, nickname, user ID and profile pictures, Check Point said.

The breach also gives access to some profile settings, including the ability to hide the profile and manage subscriptions.

By exploiting this vulnerability, cybercriminals could create a database of users and their phone numbers and use it in targeted phishing attacks, for example, said Oded Vanunu, head of product vulnerability research at Check Point Software Technologies. 

He recommends that TikTok users provide as little information about themselves as possible and regularly update their operating system and applications to the latest version.

Check Point said it had reported the vulnerability to app developer ByteDance, which is already taking steps to fix it.

source: checkpoint.com