So… yeah. This might mean that TikTok can have access to every keyboard input, such as passwords, credit card information, etc. Krause stated that it is uncertain if the App really collects and somehow uses this information or just has the ability to track them. According to the New York Times, the Chinese company stated that “Contrary to the report’s claims, we do not collect keystroke or text inputs through this code”, justifying the feature to be used for “debugging, troubleshooting and performance monitoring.” But that’s not all.
365 Defender Research team shows that TikTok had a breach that was leading users buy afghanistan telegram database to extremely vulnerable experiences. This issue could allow attackers to hijack a user’s account with literally a single click of a crafted link. Hijack according to the Cambridge Dictionary means “to force someone to give you control of a vehicle, aircraft, or ship that is in the middle of a trip.” In this case, the breach could be used to steal or “kidnap” one’s account with a single click.
Then, attackers could have access to the in-app features of a user account, such as publishing videos, sending messages, interacting with other accounts and even changing personal information. The issue was more likely to happen with Android users. Fortunately, TikTok has already fixed it and the Microsoft 365 Defender Research Team has not identified any major exploitation. So, it is strongly recommended that users keep their app up to date, using the latest version of it. Instagram surfing TikTok’s wave… even on privacy issues Meta (formerly Facebook Inc.