TikTok security faces more scrutiny after Microsoft finds ‘high-severity vulnerability’ in video app

As it guards the personal information of over a billion users, TikTok is coming under increased scrutiny.

Several analysts said on Monday that they believed that personal user data was contained in the TikTok data. Microsoft said it had found a vulnerability in TikTok that would allow attackers to compromise users' accounts with a single click.

A year ago, TikTok surpassed a billion monthly users and now ranks as one of the most popular apps for young people. It's an attractive target for hackers who might want to hijack popular accounts or sell sensitive information. In 2020 it was identified as a privacy threat by the Trump administration and almost banned because of concerns about links between its Beijing-based parent company and the Chinese government.

TikTok said the claims of a violation were not true. The code in question is not related to TikTok's source code, according to a spokesman.

Troy Hunt, an Australian web security consultant, looked at some of the data samples listed in the leaked files and found similarities between user profiles and videos posted under those IDs. Some of the data included in the leak was public.

Some data matches production info, but it's not conclusive. He said that some data could be non-production or test data. It is a mixed bag at this point.

There is a vulnerability that could affect mobile phones. It is possible that attackers were able to access and modify TikTok profiles and sensitive information, such as uploading videos on behalf of users.

The security flaw in the TikTok app was fixed quickly by the company.

At a time when the US may step up its measures against businesses with links to China, there will be intense focus on TikTok. Nine US senators wrote a letter to TikTok's chief executive officer asking him to explain security breeches.

President Joe Biden is expected to sign an executive order that would restrict US investment in Chinese tech companies and a separate action targeting TikTok is a possibility. The company has told the US Congress that it has taken steps to protect that data.

Robert Potter, co-CEO of Australian-US cybersecurity firm Internet 2.0 Inc., said that there is a big gap between how TikTok operates and how it claims to operate.

In July, Potter's team said in a report that it had found "excessive data harvesting" carried out by TikTok on user devices, that the app checks device location at least once an hour, and it has code that collects serial numbers for both the device and the sim card

The Minister for Home Affairs in Australia ordered her department to investigate what data TikTok acquires and who can access it after the report received a lot of attention.

Technology companies that are based in countries with a more authoritarian approach to the private sector are a problem, according to O'Neil. TikTok isn't the end of this. It is one of the many issues that have arisen due to the dominance of technology companies in our lives.

If you sign up for the email list, you will be kept up to date with our biggest features, exclusive interviews, and investigations.