A cybersecurity firm has called attention to security holes in TikTok that would have allowed hackers to infiltrate the accounts among its billion-plus users, another black eye for a Chinese-owned social media phenom that’s drawn fire from U.S. lawmakers.
Check Point Software Technologies Ltd. outlined in a report a series of vulnerabilities that cyber-attackers could exploit to manipulate user accounts and information, from revealing personal data and deleting videos to sending text messages on behalf of TikTok. The research firm said it informed TikTok — owned by Chinese giant ByteDance Inc. — which deployed fixes. TikTok confirmed the patches and said it was committed to protecting user data, and encouraged researchers to privately disclose flaws.
The revelations may intensify the scrutiny over a social media service that’s exploded in popularity globally in past years. ByteDance has emerged as the world’s most valuable startup thanks largely to the platform, where more than a billion, largely young, users share lip-syncing and dance videos. But with escalating tensions between China and the U.S., American politicians have warned the app represents a national security threat and urged an investigation. The Beijing-based company is weighing options to address those concerns.
“TikTok videos are entertaining. They’ve created a major trend, a style, even a musical genre,” Check Point researchers wrote in the report. “But as some have experienced, there is often a fine line between fun clips to private, even intimate assets being compromised while trusting to be under the protection from the apps we use.”