A flaw was identified in the popular video-sharing app TikTok that would have let hackers scrape personal information from users' accounts, according security researchers at Check Point.
Such details included phone numbers, nicknames, profile and avatar pictures, unique user IDs, as well as certain profile settings. Security firm had seen its customers fall victim to the same kind of attack, they noted.
TikTok disclosed the flaw, dubbed topline-1 in documents reviewed by security analysts at Check Point and now actively being exploited, on Aug. 14, the company said. The exploit was fixed on Aug. 20.
Damage: An attacker could have stolen username, phone number or information to seed spam
Exact number of users affected by the vulnerable service is unknown.
It would take a significant amount of effort to map a significant amount of topline-1 victims, Check Point noted. But they expected it to be "many millions."
The firm has contacted at least one affected user who reported a phone number taken from a Google chat where victims said they were first contacted to say they had been hacked.
Users were instructed to change their password to have their accounts unaffected. Kickbacks added to the amount needed to cash-in the call, requiring further progress logins and account mappings, the firm said.
Check Point said it has found no evidence that the vulnerability is widespread. To view partial stack traces under debugging, a user needs to have an evil tree permissions token. Like any application, TikTok's services mention of fragments when notified of an authentication failure. Either results would lead to a reset.
Crowd surveillance tool improved
Citizen TV is better than any other personalized messaging service, according to Chris Bennet. He developed the CitizenTV platform - widely considered to be the best multi-channel personalization, media distribution, chat and social messaging system on the planet.
Since Citizen is the front end to a social platform, he also essentially provides the infrastructure that powers the social messages. 'It's is a library of messages,' he told Computerworld.
"Our proposed communication system eliminates the cost, time, and hacking risk associated with building a user feedback tool." Citizen TV's capabilities basically need to call to organizations and peers for one-to-one adds, adds, does and drops. Citizen does not call directly to The Internet" "If a peer does one of these things, they don't get paid. They don't get commission," he also said. A peer who holes up at a coffee shop or a friend's place. He/she can have all the communication they want with their friend, but it doesn't count if they don't sort through it and relaying it, and anonymize the bad communications, Bennet
Such details included phone numbers, nicknames, profile and avatar pictures, unique user IDs, as well as certain profile settings. Security firm had seen its customers fall victim to the same kind of attack, they noted.
TikTok disclosed the flaw, dubbed topline-1 in documents reviewed by security analysts at Check Point and now actively being exploited, on Aug. 14, the company said. The exploit was fixed on Aug. 20.
Damage: An attacker could have stolen username, phone number or information to seed spam
Exact number of users affected by the vulnerable service is unknown.
It would take a significant amount of effort to map a significant amount of topline-1 victims, Check Point noted. But they expected it to be "many millions."
The firm has contacted at least one affected user who reported a phone number taken from a Google chat where victims said they were first contacted to say they had been hacked.
Users were instructed to change their password to have their accounts unaffected. Kickbacks added to the amount needed to cash-in the call, requiring further progress logins and account mappings, the firm said.
Check Point said it has found no evidence that the vulnerability is widespread. To view partial stack traces under debugging, a user needs to have an evil tree permissions token. Like any application, TikTok's services mention of fragments when notified of an authentication failure. Either results would lead to a reset.
Crowd surveillance tool improved
Citizen TV is better than any other personalized messaging service, according to Chris Bennet. He developed the CitizenTV platform - widely considered to be the best multi-channel personalization, media distribution, chat and social messaging system on the planet.
Since Citizen is the front end to a social platform, he also essentially provides the infrastructure that powers the social messages. 'It's is a library of messages,' he told Computerworld.
"Our proposed communication system eliminates the cost, time, and hacking risk associated with building a user feedback tool." Citizen TV's capabilities basically need to call to organizations and peers for one-to-one adds, adds, does and drops. Citizen does not call directly to The Internet" "If a peer does one of these things, they don't get paid. They don't get commission," he also said. A peer who holes up at a coffee shop or a friend's place. He/she can have all the communication they want with their friend, but it doesn't count if they don't sort through it and relaying it, and anonymize the bad communications, Bennet
g
