Monday’s announcement of a potential TikTok data breach (involving more than 2 billion users) is a stark reminder of the constant threat that IT systems and users face.
While not all of the details of the alleged attack are completely known (and with TikTok denying that an incident has even taken place), several sample files have been leaked. Those claiming responsibility for the alleged breach have also shared a bit about their attack vector.
Currently, it is alleged that source code, or the actual programming behind the application we see, was stored insecurely with a cloud provider. If true, this allowed individuals to access the SQL databases in the backend. It does appear that the information may have originated with a third-party technology provider.
There is no doubt that the popular platform has allowed people to quickly share their personalities through fun dances, comedic relief, and all other varieties of entertainment. In the past year, more and more companies have also established a presence on the platform, recognizing its value as a marketing tool.
However, this isn’t the first time the popular application has been under scrutiny. Even in 2020, the United States Government was warning about the risk of this product. Recently, Microsoft shared vulnerabilities that existed in the Android app. Further, independent researchers have assessed the amount of data the application records, even when it is not active, and expressed privacy concerns.
There are a few things that users should do to mitigate risks associated with products like this:
1. Be wary of applications owned by foreign countries, as they may not be as stringent in protecting your data or disclosing security breaches.
2. Disable and delete accounts that you no longer utilize, and ensure that these applications are removed from all of your mobile devices.
3. ALWAYS utilize 2FA (Two Factor Authentication) and check your account logins for suspicious activities.
4. Make sure that you are using unique passwords for each login that you have.
If you have a TikTok account, it’s highly advised that you change your password, configure 2FA, and – if you have utilized that password elsewhere – create unique passwords for those accounts.
For those who develop software, too often we see attacks like this where code has been stored insecurely. Make sure to audit your access and permissions frequently on any platforms you utilize to develop code. Configure alerts for large file transfers on your networks and invest in quality IDS/IPS products. Make sure that the entire supply chain, including any subcontractors or partners, adheres to the same level of security as your organization.
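As an illustration of the large-file-transfer alerting recommended above, here is an added example (not from the original post) that flags an internal host sending a large volume of data to a single external address within a sliding one-hour window. The flow-record format, the 1 GB threshold, the internal address ranges, and the sample records are all assumptions constructed for the example.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed sample flow records (not real traffic):
# epoch_seconds  source_ip  destination_ip  bytes_sent
SAMPLE_FLOWS = """\
1662400000 10.0.4.17 10.0.9.5 850000000
1662400030 10.0.4.17 203.0.113.40 400000000
1662400200 10.0.4.17 203.0.113.40 450000000
1662400400 10.0.4.17 203.0.113.40 300000000
1662400500 10.0.7.22 198.51.100.9 120000000
1662404500 10.0.7.22 198.51.100.9 950000000
1662408200 10.0.7.22 198.51.100.9 100000000
"""

# Assumption: these RFC 1918 ranges are the "inside" of the network.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def parse_flows(text):
    """Yield (ts, src, dst, nbytes) tuples from whitespace-separated lines."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, nbytes = line.split()
            yield int(ts), src, dst, int(nbytes)

def large_egress_alerts(flows, threshold=1_000_000_000, window_s=3600):
    """Alert when one internal host sends >= threshold bytes to one external
    address within any sliding window of window_s seconds."""
    recent = defaultdict(deque)   # (src, dst) -> flows still inside the window
    firing = set()                # pairs already over threshold (alert once)
    alerts = []
    for ts, src, dst, nbytes in sorted(flows):
        if not is_internal(src) or is_internal(dst):
            continue              # only inside-to-outside traffic counts
        q = recent[(src, dst)]
        q.append((ts, nbytes))
        while q[0][0] <= ts - window_s:
            q.popleft()           # expire flows older than the window
        total = sum(b for _, b in q)
        if total >= threshold and (src, dst) not in firing:
            firing.add((src, dst))
            alerts.append((src, dst, ts, total))
        elif total < threshold:
            firing.discard((src, dst))   # re-arm once volume drops again
    return alerts

if __name__ == "__main__":
    for src, dst, ts, total in large_egress_alerts(parse_flows(SAMPLE_FLOWS)):
        print(f"ALERT {src} -> {dst}: {total} bytes in the hour ending {ts}")
```

In the sample data, the large internal-to-internal transfer is ignored, and the second host never alerts because its transfers are spread across more than an hour, which shows why the threshold and window need tuning against normal traffic.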
Examples like this are just one small reason why NewBoCo and DeltaV are invested in developing and teaching people for the ever-changing world through our Code, CyberSecurity, Digital Marketing, and IT Helpdesk programming.