
Microsoft has identified a TikTok flaw that might hijack user credentials
5 Sep, 2022 / 04:44 am / Tiktok

Source: http://www.mashable.com


Mashable: Researchers said that hackers could have taken over a TikTok user's account by getting them to click on a single link.

Microsoft's cybersecurity team said Wednesday that hundreds of millions of TikTok users could have had their accounts taken over because of a "high severity" security flaw in the Android app.


Dimitrios Valsamaras of Microsoft's 365 Defender research team wrote, "Attackers could have used the vulnerability to take over a user's account without them knowing if the user clicked on a specially made link."

"Attackers could have then gotten into users' TikTok profiles and sensitive information and changed it, such as by making private videos public, sending messages, and uploading videos on users' behalf."

TikTok fixed the bug after Microsoft told them about it, and both companies say there's no evidence that hackers took advantage of it. It was said that the iPhone version of the app was not affected.

More than 1 billion people use the social media app, whose parent firm is based in China. Hundreds of millions of Android users around the world could have been affected by the bug if it hadn't been found. The app has been downloaded from the Google Play Store more than 1.5 billion times.

Microsoft's report claims that the security team forged a connection that let them into a user's account without the latter's knowledge or consent. As part of a test, when a user clicked on the link, Microsoft changed the user's account to say "!! SECURITY BREACH!!!"

Microsoft also emphasized the significance of "exercising caution when visiting unexpected links," as they might serve as entry points for malicious actors.