Microsoft has disclosed a vulnerability in TikTok that could give hackers access to user accounts, putting their private videos at risk.
The Redmond-based technology giant's 365 Defender Research Team has been credited with the find and the flaw has since been plugged by TikTok.
Microsoft said the bug in the Android app would have allowed bad actors to take over accounts with a single click. It worked by having the user click on a malicious link, which would have then allowed the bad actors to hijack the account.
TikTok has two different versions of the Android app, one for East and Southeast Asia and another for the rest of the world. Microsoft said the bug was present on both versions of the app.
"Performing a vulnerability assessment of TikTok, we determined that the issues were affecting both flavors of the app for Android, which have over 1.5 billion installations combined via the Google Play Store," Microsoft said in a blog post.
"Attackers could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link. Attackers could have then accessed and modified users’ TikTok profiles and sensitive information, such as by publicizing private videos, sending messages, and uploading videos on behalf of users," wrote the technology giant.
The vulnerability was disclosed to TikTok in February of this year and the company quickly issued a patch to fix the issue.
Microsoft also emphasised the importance "of exercising caution when clicking unknown links" as they could be potential gateways to malicious actors.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
