TikTok addresses flaw that let hackers steal phone numbers

TikTok has found a “severe” bug that would allow users’ phone numbers to be compromised if exploited by attackers.

Just like other app developers, TikTok has a bounty program that allows security firms and users to try and find unknown problems within the app and get a nice cash reward for doing so.

The security firm Check Point Research recently discovered a flaw in the popular app’s security that allows hackers to use “Friend finder” to take phone numbers and other personal details that would be entered into a database for future malicious use.

According to Check Point, these details include “phone numbers, nicknames, profile and avatar pictures, unique user IDs and settings such as whether a user is a follower or if a user’s profile is hidden.”

TikTok has more than 1 billion users around the world

Check Point said it immediately informed TikTok and that the app’s developers quickly found a solution to the vulnerability, which could have affected the 1 billion people that use the platform.

The “Friend finder” feature creates a user token and a session cookie for each unique device that creates an account. However, these cookies exist for up to 60 days from creation, which means they can be added to virtual devices rather than physical phones.

How to update your privacy settings

TikTok allows you to remove devices you don’t recognize in settings

If you’re concerned and you’d like to make your TikTok account a little more secure, there are a few things you can do. To find privacy settings, go to your profile and click on the three dots in the top right-hand corner. From there you can change your privacy, and your security and login settings.

Under the Privacy tab, you can toggle “find your contacts” on or off, and you can change your ad settings to allow or stop companies from receiving any data.

If you are concerned that your account may be compromised, you can secure your account under the Security and login tab by viewing security alerts, removing any devices you don’t recognize, and turning 2-step verification on.
