TikTok, the rapidly growing video-sharing app favored by teens and young adults, has reportedly had major security vulnerabilities of late.
According to research published Wednesday by the Israeli cybersecurity company Check Point, these flaws in the app, which TikTok says it’s since fixed, would have allowed hackers to send users messages containing links that could be leveraged to usurp user accounts and gain access to private videos. Check Point researchers also discovered they were able to access users’ personal information through the company’s website, identifying yet another blatant vulnerability. Given how young many of TikTok’s users are, these security issues are that much more troubling.
Luke Deshotels, TikTok’s head of security, told the New York Times that there is no evidence of user records having been tampered with and that the company is “committed to protecting user data.” Deshotels went on to say that the problems have since been fixed (the vulnerabilities were reportedly made known to the company on November 20 and corrected by December 15). “Before public disclosure, Check Point agreed that all reported issues were patched in the latest version of our app,” said Deshotels. “We hope that this successful resolution will encourage future collaboration with security researchers.”
It’s not the first time people have raised concerns over TikTok’s handling of privacy issues. The Federal Trade Commission filed a complaint against the company in February, claiming that Musical.ly (TikTok’s former name) had illegally collected private information about children, including email addresses, names, and schools. The FTC reached a $5.7 million settlement with the company after finding the app did not ask for parental permission to collect user data, even though a large number of the app’s users were under the age of 13.
Christoph Hebeisen, head of research at the cybersecurity company Lookout, told the Times, “I would expect these types of vulnerabilities from a company like TikTok, which is probably more focused on tremendous growth, and on building new features for their users, rather than security.”