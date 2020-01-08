By | Published: 8:01 pm 8:05 pm

Researchers at Israeli cybersecurity firm Check Point Research on Wednesday exposed multiple vulnerabilities in Chinese short-video making app TikTok, which has over a billion users globally and nearly 300 million in India, saying that personal information such as private and email addresses and sensitive videos of its users are vulnerable to hackers.

The Chinese video making platform is used mainly by teenagers and kids to share, save and keep private (and sometimes very sensitive) videos of themselves and their loved ones.

The researchers have discovered that an attacker could send a spoofed SMS message to a user containing a malicious link. When the user clicked on the malicious link, the attacker was able to get a hold of the TikTok account and manipulate its content by deleting videos, uploading unauthorised videos, and making private or “hidden” videos public.

The research also found that Tiktok’s subdomain — https://ads.tiktok.com was vulnerable to XSS attacks, which is a type of attack in which malicious scripts are injected into otherwise benign and trusted websites.

The researchers leveraged this vulnerability to retrieve personal information saved on user accounts including private email addresses and birthdates.

The Israeli cyber security firm informed TikTok developers of the vulnerabilities exposed in this research and a fix was deployed to ensure its users can safely continue using the TikTok app.