Tag Archive for: TikTok

There was a TikTok Android app exploit that let hackers hijack accounts with one click


Don’t freak out, as it’s long resolved now, but Android users should really think twice before clicking any links in the TikTok app after security flaws were found and reported that made it ridiculously easy to steal others’ accounts with a simple link. While it’s been addressed for now, it’s always good internet security advice to not go clicking unknown links, and with an exploit this simple it’s a good idea to be ever vigilant out there.

According to BleepingComputer, Microsoft reported the flaw to TikTok back in February, but given the potential severity, it’s not too surprising we aren’t hearing about it until now. With a well-crafted malicious link, reportedly more than 70 JavaScript methods could be used to get access to the app’s webview, only used by the Android app.

Source…

TikTok denies breach after hacker claims to have user data and source code


TikTok has denied a claim that it had been breached after a hacker on a popular hacking forum claimed to have obtained both user data and source code from the popular service.

A hacker going by the name of “AgainstTheWest” claimed to have breached TikTok on Breach Forums on Sept. 3 and stolen data from the Chinese instant messaging app WeChat as well. The hacker shared screenshots of alleged databases belonging to the companies and claimed they contained 2.05 billion records totaling more than 790 gigabytes.

AgainstTheWest claimed to have obtained the data from an Alibaba Group Holding Ltd. cloud instance. Given how often data breaches occur with exposed Amazon Web Services Inc. cloud instances, the claim is believable, but doubts followed shortly after that.

In response to the claimed data breach, TikTok said the claim is false and the source code shared by the hacker isn’t part of its platform. “This is an incorrect claim — our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code, which has never been merged with WeChat data,” a spokesperson for TikTok told Bleeping Computer today.

However, some of the user data in the alleged data breach has been found to be legitimate. Troy Hunt from Have I Been Pwned tested the data and found some matches.

TikTok confirmed the presence of some data, adding that it could not have been a result of direct scraping of its platform. Bleeping Computer suggests that the data may have been gathered by a third-party data scraper or broker who scraped publicly available data.

Notice on Breach Forums

Breach Forums, a successor site to the now shut-down RaidForums, has banned AgainstTheWest for “lying about data breaches.” The move is surprising given that the forum is a cesspool of data breaches, ransomware leaks and other stolen material. Still, perhaps there is honor among thieves when someone makes a…

Source…

Woman’s Hack for Eating Ramen With Straws Goes Viral on TikTok


Every now and again, someone on the internet challenges the way you do something and makes you reconsider everything you thought you knew. This is one of those times.

On Tuesday, TikToker @bribri_is_wheezy posted a ramen-eating hack she utilizes to eat the noodles and sip the broth using only one hand, no bowl-slurp necessary.

“Perhaps this is unhinged,” reads the text on the now-viral video. “But my pro tip is I eat my ramen at home with 2 reusable straws so I can pick up the noodles & slurp my broth with one hand.”

As “Bad Habit” by Steve Lacy bops in the background of the video titled “Im grasping at straws,” you see the TikToker do just that — and with 2.8 million views and more than 307,000 likes, this hack is a certified banger. Many users took to the comment section to laud @bribri_is_wheezy on her clever use of engineering with utensils many of us already have sitting in our cutlery drawers.

“Sometimes, very rarely, this app shows me something that changes me forever like this,” said one commenter on TikTok.

“This is oscar isaac with the cheetos level engineering,” said another commenter, referencing a viral “She-Hulk” and Oscar Isaac cheeto-eating technique.

“This just changed my worldview. It might also have healed some childhood trauma,” said another TikTok user, to which she replied, “Anything I can do to heal.”

“I gasped,” said another TikTok commenter.

Still, there are people who take umbrage with her soup-eating technique and have many questions about why she doesn’t just slurp her soup like people have been doing since ramen was invented in the 1800s.

“Feels illegal,” commented one TikTok user.

“Using a straw for hot liquids is scary,” said another TikTok commenter.

Other users said that showing the clip to their spouses made them “irate” and made some want to “call the FBI.”

Unabated, @bribri_is_wheezy responded to some of the comments on her original hack as the questions rolled in.

“To everyone saying ‘just sip from the bowl’: the bowl the ramen place gave me here has a lip and I couldn’t tip it to sip easily,” she said in a reply to the anti-straw contingent in her comment section.

The…

Source…

How Frustration Over TikTok Has Mounted in Washington


In an interview, Mr. Beckerman called TikTok’s data collection “all very minor” compared with other social apps. To reduce security concerns, the app has said that it plans to store all its American data solely on Oracle servers in the United States, deleting its backups in Singapore and Virginia, and managing access from the United States. The process, Mr. Beckerman said, would probably be finished this year. He did not offer a specific date.

The White House may be preparing to act soon on broader policy around apps that could expose data to foreign adversaries. Earlier this year, it circulated a draft of an executive order that would give the government more power to intercede in cases where data is at risk of being exposed to an adversary. The Biden administration is also expected to issue guidance soon for a committee that vets transactions involving foreign companies, telling it to be especially sensitive to cases that could expose Americans’ data to other governments. It is also considering ways to review whole classes of potentially risky deals, rather than approaching them on an individual basis.

“The Biden administration is focused on the challenge of certain countries, including China, seeking to leverage digital technologies and Americans’ data in ways that present unacceptable national security risks while advancing authoritarian control and interests,” said Saloni Sharma, a spokeswoman for the National Security Council. “The administration is also reviewing additional potential actions to address this challenge.”

TikTok has faced security questions for years, especially in 2020 when Mr. Trump issued an executive order to block it from the Apple and Google app stores unless ByteDance sold the app to an American firm. He later announced a deal to sell part of the app to Oracle, the American cloud computing giant, but it never came to pass. Federal courts eventually ruled that Mr. Trump’s order blocking TikTok was illegal, along with another blocking the Chinese-owned app WeChat, and last summer, Mr. Biden rolled both back.

But the government has continued trying to reduce risks associated with TikTok….

Source…