Security concerns about TikTok, the globally popular short video sharing app, have come to light as a hacker claims to have broken into its database and accessed user information.
On Sept. 3, a user with the name AgainstTheWest claimed on the Breach Forums message board, a hacker forum, to have hacked TikTok and WeChat. The poster said 790 gigabytes of user information and 2.05 billion records had been downloaded from the database, but he had not yet decided whether to sell it or release it to the public. The hacker also posted two links to data samples and a video of a set of database tables.
TikTok denied that its database had been breached, saying its security team had investigated and found no evidence of a security breach. However, doubts remain as internet experts assess the authenticity of the rumors.
Similarly, on Aug. 31, a Microsoft research team announced that it had found a serious vulnerability in TikTok’s Android app that could allow an attacker to compromise user accounts with a single click. An attacker could use the vulnerability to hijack an account without the user’s knowledge, then access and modify the user’s TikTok profile and sensitive information, such as making private videos public, sending messages, and uploading videos on the user’s behalf.
TikTok has two versions of the Android app. In its review of the TikTok vulnerability, the Microsoft research team determined that both apps could be affected. More than 1.5 million TikTok for Android apps have been installed to date.
TikTok responded that the vulnerability had been fixed after Microsoft informed the company.
The report also said TikTok was able to monitor because it used an in-app browser, which is part of the app, to make changes to websites. When people click on TikTok ads or visit a creator’s profile, the app doesn’t work with regular browsers like Safari or Chrome. Instead, it defaults to the TikTok app’s built-in browser to rewrite some web pages.
Of the seven iPhone apps Krause tested that used a built-in browser (it didn’t test the Android system), TikTok was the only one that could monitor keystrokes. It also seemed to monitor more activities than any other application.
TikTok’s Ties With the CCP
TikTok now has more than 1 billion monthly active users, mostly young people. However, the social media platform has drawn scrutiny due to its ownership by the Chinese company ByteDance, located in Beijing, and a reported link to the Chinese Communist Party (CCP).
On Aug. 12, the Cyberspace Administration of China (CAC), the country’s top internet regulator, issued a notice publicly requiring 30 Chinese internet companies to submit data on their archiving algorithms. ByteDance was one of them.
The algorithms are tailored to the preferences of each user through artificial intelligence. Zhu Wei, an associate professor at China University of Political Science and Law, said the algorithm is not a simple calculation program, but more connected to personal information and big data.
“The fact that we’ve got millions of Australians accessing an app where the usage of their data is questionable is very much a modern security challenge for the country,” O'Neil told the Sydney Morning Herald in early September.
TikTok users in the United States now number about 80 million, or about one-quarter of the U.S. population.