TikTok addresses flaw that let hackers steal phone numbers

Alice Hearing

TikTok has found a “severe” bug that, if exploited by attackers, would allow users’ phone numbers to be compromised.

Just like other app developers, TikTok has a bounty program that allows security firms and users to try to find unknown problems within the app and get a nice cash reward for doing so.

The security firm Check Point Research recently discovered a flaw in the popular app’s security that allows hackers to use the “Friend finder” feature to take phone numbers and other personal details, which would then be entered into a database to be used for future malicious purposes.

According to Check Point, these details include “phone numbers, nicknames, profile and avatar pictures, unique user IDs and settings such as whether a user is a follower or if a user’s profile is hidden.”

TikTok has more than 1 billion users around the world

Check Point said it immediately informed TikTok and that the app’s developers quickly found a solution to the vulnerability, which could have affected the 1 billion people who use the platform.

The “Friend finder” feature creates a user token and a session cookie for each unique device that creates an account. However, these cookies exist for up to 60 days from creation, which means they can be added to virtual devices rather than physical phones.

How to update your privacy settings

TikTok allows you to remove devices you don’t recognize in settings

If you’re concerned and you’d like to make your TikTok account a little more secure, there are a few things you can do. To find privacy settings, go to your profile and click on the three dots in the top right-hand corner. From there you can change your privacy, and your security and login settings.

Under the Privacy tab, you can toggle “find your contacts” on or off, and you can change your ad settings to allow or stop companies from receiving any data.

If you are concerned that your account may be compromised, you can secure your account under the Security and login tab by viewing security alerts, removing any devices you don’t recognize, and turning 2-step verification on.