Wed. Jan. 26, 2021 |By Zak Doffman – Forbes |
A new warning today for the hundreds of millions of users with TikTok’s app on their phones. If you have your phone number linked to your profile, you should remove it—but, beware, that’s very difficult to do. And while your number is still there, TikTok will use it to track you online. So, here’s what you do now.
If you have TikTok on your phone, there’s a good chance it has your number—it’s the easiest way to sign up for an account and then login. But now security researchers at Check Point suggest you change that. “I see significant privacy risks in users giving TikTok their phone number as an account identifier,” Check Point’s Ekram Ahmed warns. “Phone numbers can be a very powerful data source for tracking location.”
Check Point has issued this warning “given TikTok’s past issues with data security,” according to Ahmed. The security firm has just released a report into the latest such threat. The firm says that a server-side security vulnerability would have enabled an outside actor to query TikTok’s database, pulling private information, linking phone numbers to profiles. This could then have been used to harvest private contact details for celebrities or to build a database of users that could have been targeted at scale. Put simply, throwing lists of random numbers at TikTok returned matching profiles.
Check Point’s Oded Vanunu tells me that the accessible details “included phone numbers, nicknames, profile and avatar pictures, unique user IDs, as well as certain profile settings, such as whether a user is a follower or if a user’s profile is hidden.”
Linking phone numbers to social media profiles is not new—there’s another news story doing the rounds this week about a Telegram bot querying leaked Facebook data to do the same. But anything TikTok related carries extra spice given the U.S. campaign last year—this alleged links between the platform’s parent, ByteDance, and the Chinese state and that users risked their data being spirited back to China…
Read the full story here.
