- Sep 13, 2018
According to a blog post by Microsoft's Defender 365 research team, the vulnerability would have allowed hackers to hijack users' accounts without their knowledge and modify their TikTok profiles and sensitive information, such as publicizing private videos, sending messages and uploading videos on behalf of users.
In a proof of concept attack, Microsoft researchers were able to create a crafted link that was sent to a TikTok user. Once the targeted user clicked the link, researchers were able to change the TikTok account's bio to read "SECURITY BREACH."
BeeHive CyberSecurity recommends changing one's password and enabling Two-Factor Authentication ASAP.
Looking forward to more info for clarification. Edit: the Twitter link works here despite the notice. If it doesn't work, pls let me know.