TikTok addresses flaw that let hackers steal phone numbers - Dexerto
Entertainment

TikTok addresses flaw that let hackers steal phone numbers

Published: 26/Jan/2021 11:43 Updated: 26/Jan/2021 12:01

by Alice Hearing

Share


TikTok has found a “severe” bug that would allow users’ phone numbers to be compromised if taken advantage of by attackers. 

Just like other app developers, TikTok has a bounty program that allows security firms and users to try and find unknown problems within the app and get a nice cash reward for doing so.

Advertisement

The security firm Check Point Research recently discovered a flaw in the popular app’s security that allows hackers to use “Friend finder” to take phone numbers and other personal details that would be entered into a database to be used for future malicious intent.

According to Check Point, these details include “phone numbers, nicknames, profile and avatar pictures, unique user IDs and settings such as whether a user is a follower or if a user’s profile is hidden.”

Advertisement

TikTok new app notification
Unsplash: Solen Feyissa
TikTok has more than 1 billion users around the world

The company said it immediately informed TikTok and that the app’s developers quickly found a solution to the vulnerability which could have affected the 1 billion people that use the platform.

The “Friend finder” feature allows creates a user token and a session cookie for each unique device that creates an account. However, these cookies exist for up to 60 days from creation, which means they can be added to virtual devices rather than physical phones.

Advertisement

How to update your privacy settings

TikTok privacy settings
TikTok
TikTok allows you to remove devices you don’t recognize in settings

If you’re concerned and you’d like to make your TikTok account a little more secure, there are a few things you can do. To find privacy settings, go to your profile and click on the three dots in the top right-hand corner. From there you can change your privacy, and your security and login settings.

Under the Privacy tab, you can toggle “find your contacts” on or off, and you can change your ad settings to allow or stop companies from receiving any data.

Advertisement

If you are concerned that your account may be compromised, you can secure your account under the Security and login tab by viewing security alerts, removing any devices you don’t recognize, and turning 2-step verification on.