TikTok vulnerability allowed hackers to access users’ phone numbers


The vulnerability existed in TikTok’s “Find Friends” feature that lets users sync their phone contacts with the app and connect profiles with their phone numbers.


TikTok has more than 1 billion users worldwide, making it a lucrative target for cybercriminals. Any vulnerability in the platform, if exploited, can be disastrous for its unsuspecting and young userbase.


Last year, a TikTok vulnerability allowed hackers to send SMS messages loaded with malware. Now, IT security researchers at Check Point have reported a critical vulnerability in TikTok’s mobile app that would allow attackers to extract users’ personal details, including the phone number associated with the account.


Additionally, attackers could access the victim’s unique ID, profile picture, and name. If attackers know your phone number along with personal details, they can use them for malicious purposes, including SMSishing or SIM swapping attacks.

The vulnerability, which has now been fixed by TikTok, existed in its “Find Friends” feature that lets users sync their phone contacts with the app and connect profiles with their phone numbers. It is, however, worth noting that TikTok users are not required to connect their phone numbers with their accounts.



Furthermore, TikTok generates token and session cookies during the SMS login process, which expire only after 60 days. The vulnerability allowed an attacker to use the token and session cookies to log into the victim’s account for over 2 months wit ..
