Researchers at Check Point Research have discovered vulnerabilities in the popular video-sharing platform TikTok that allow users to spoof SMS messages and exploit an API flaw that can grand access to users’ personal data. However, ByteDance has since patched these flaws. If left un-updated, intruders could still gain access to users’ accounts and manipulate their content, altering accounts in ways like deleting videos, uploading unauthorized videos and changing data such as full name, email address, and birthdate.
Analysts at Check Point stated that they had uncovered a chain of vulnerabilities and reported that the entire application lacked proper security measures. This lead to malicious actors taking control of accounts. Tik Tok, which boasts millions of users worldwide, faces ongoing pressure from the security industry as it continues to gain popularity.
Read More: TikTok Bugs Put Users’ Videos, Personal Data At Risk