Cybersecurity company Check Point Research has discovered a vulnerability in TikTok for the second time, this time in the ‘Find Friends’ feature.
This allowed potential attackers to gain access to the profile information and phone numbers of users for some time.
The vulnerability allowed hackers to bypass TikTok’s privacy protections. In theory, this allowed them to build a database of user information and use that data for malicious purposes later. It is not known whether the vulnerability was exploited. The vulnerability has now been patched by TikTok parent company ByteDance.
According to Check Point Research, the data accessible through the vulnerability included the TikTok user’s phone number, his or her nickname, profile and avatar images, unique user ID, and specific settings.
Check Point Research has now found vulnerabilities in TikTok twice. On January 8, 2020, the company also published a paper on a series of vulnerabilities in the popular video app.
At the time, those vulnerabilities allowed a threat actor to access personal information in users’ accounts, manipulate account information, or take action on behalf of a user without the user’s consent.