In recent years, we have seen cyberattacks targeting election infrastructure, with the aim of either influencing results or manipulating those involved in the electoral process. However, a new twist emerged in November 2024 when a cyberattack impacted TikTok influencers with millions of followers, all to sway voters’ opinions.

Romania’s Intelligence Service (SRI) confirmed that a cyberattack on the country’s election infrastructure on November 19, 2024, led to cybercriminals gaining access to sensitive data, including credentials for election-related websites and critical information about the electoral framework. Shockingly, within minutes of breaching the network, the attackers leaked the stolen data on a Russian hacking forum.

Cybersecurity experts suggest the attack, which coincided with the first round of Romania’s presidential elections, may have been the result of a phishing campaign targeting employees or an exploitation of vulnerabilities in the SQL server. According to SRI, by November 25, just before the election concluded, there had been over 85,000 cyberattacks on the country’s election infrastructure.

The compromised data potentially included login credentials for websites such as bec.ro, roaep.ro, and registrulelectoral.ro.

Meanwhile, the cyberattack also impacted a number of TikTok influencers. SRI discovered that the hackers paid certain influencers to promote Calin Georgescu as the predicted winner of the presidency. Other influencers had their accounts hacked without their knowledge, with the breach lasting between 45 and 90 minutes before TikTok detected the issue and locked the affected accounts. TikTok then notified the account owners about the unauthorized access.

This campaign, which likely aimed to spread disinformation, fake reviews, and fraudulent exit polls, generated considerable attention and engagement, pushing content that aligned with specific political interests. The manipulated posts gained significant views and even trended for a period, potentially influencing the opinions of voters.

The Romanian Foreign Intelligence Service (SIE) has directly accused the Russian government of orchestrating the attack, interpreting it as an attempt to undermine NATO and retaliate against Ukraine in the wake of ongoing hostilities with Vladimir Putin.

Interestingly, reports also suggest that TikTok could face an official ban after Donald Trump assumes office on January 20, 2025.

The post TikTok influencers being targeted by cyber attacks for Election results manipulation appeared first on Cybersecurity Insiders.

Execs at a health tech startup are sentenced to jail after a massive ad fraud, and a school is shaken after teachers are targeted via TikTok. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

TikTok, the video-sharing platform that previously faced bans in the United States over data privacy concerns, recently encountered a cyber attack. However, according to the company, the impact was minimal, primarily affecting a few brands and celebrities.

As a subsidiary of the Chinese company ByteDance, TikTok is actively working to mitigate risks and has made significant progress in recovering from the cyber incident.

Interestingly, the attack coincided with the former US President Donald Trump’s decision to join TikTok to communicate with his followers. Trump, who previously banned the platform in 2018 citing national security concerns, stated his intention to connect with supporters across various social media networks.

Regarding the attack, TikTok revealed that hackers targeted celebrities such as Paris Hilton, who have substantial followings. Fortunately, no data was compromised, as the platform’s authentication servers promptly detected and prevented any unauthorized access.

Notably, prominent figures like President Joe Biden and Indian Prime Minister Narendra Modi, elected for a third consecutive term, also maintain TikTok accounts with significant followings.

Additionally, CNN fell victim to the attack when its TikTok account was compromised. However, the cyber criminals failed to access any data due to the platform’s robust security measures.

In today’s digital age, many individuals, particularly young women aged 13-43, utilize social media platforms to showcase their talents and skills. However, it’s essential to exercise responsible behavior and adhere to security protocols given the evolving cyber threat landscape.

The post TikTok faces cyber attack but only few celebrities and brands impacted appeared first on Cybersecurity Insiders.

A woman's attempt to hire an assassin online backfires badly, it's scary just how cheap it is to buy information about US military personnel, and trolls and tattoos don't mix. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner. Plus don’t miss our featured interview with Jason Meller of Kolide.

Mix TikTok with facial recognition, and you've got a doxxing nightmare, T-Mobile users report bizarre behaviour in their accounts, and a Windows flaw provides a new means of infecting users. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

The European Union has imposed a substantial €345 million fine on the popular video-sharing platform TikTok for its failure to adequately protect children’s data. The penalty comes following a notice from Ireland’s Data Protection Commission (DPC), an EU data privacy authority, which cited eight privacy and information processing violations and issued a three-month ultimatum for the company to rectify its practices.

One of the key issues identified by the DPC was that TikTok’s default profile settings for children were set to ‘public,’ exposing their content to anyone. Additionally, the ‘Family Pairing’ feature, designed to allow parents to connect with their child’s content and send direct messages, was also accessible to all users, posing significant risks to these accounts.

TikTok’s failure to adequately inform users under the age of 16 about the potentially invasive privacy options while posting videos constituted a clear violation of the European Data Protection Board (EDPB) regulations and a significant breach of the General Data Protection Regulation (GDPR).

In response to the imposed penalty, TikTok has initiated an appeal while taking steps to address the privacy concerns. They have now made the videos posted by users aged 12-15 private by default and enabled customization of viewership for users below the age of 16.

To ensure compliance with the newly enforced regulations, the company, owned by ByteDance and based in Singapore, has revamped its user account registration process for individuals above 17 years of age. They have also restricted parents from sending direct messages to accounts marked as ‘Private.’

Previously, TikTok primarily catered to users under the age of 40, but during the lockdown period, the platform experienced a remarkable 45% increase in registrations from users aged 40 and above.

In light of these developments, the mobile application-driven business platform is committed to resolving these privacy issues discreetly, recognizing the potential adverse effects on its revenue. TikTok is determined to address data privacy concerns amicably, separate from the ongoing business endeavors of Douyin and its affiliated infotech platform, Musical.

The post TikTok slapped with €345m Child Privacy penalty by EU appeared first on Cybersecurity Insiders.

Since 2018, TikTok, the Chinese-based video-sharing platform, has faced relentless criticism over its alleged mishandling of data security. Initially, the United States banned the app’s use on all government-issued phones, setting off a domino effect that led to similar actions in Australia, Germany, the UK, and New Zealand.

Despite TikTok’s efforts to reassure the public that it doesn’t transmit user-generated data to servers in Beijing, the leaders of major Western nations remained unconvinced and skeptical of these explanations.

To address these lingering data security concerns, ByteDance, the parent company of TikTok, has taken the proactive step of enlisting the expertise of the UK-based cybersecurity firm NCC to conduct a thorough review of its data storage and security practices, with the aim of producing a comprehensive report.

This independent review, conducted entirely separately from the GCHQ cyber arm NCSC, will scrutinize all the controls and safeguards in place within the world’s most popular social media platform.

This initiative is part of the broader “Project Clover” program, designed to ensure the secure transit of European user-generated data to TikTok’s recently established data center in Dublin. This move aligns with the General Data Protection Regulation (GDPR) laws that came into effect in 2018.

“Project Clover” represents TikTok’s commitment to safeguarding user data against potential espionage and unauthorized access. As part of this commitment, TikTok plans to store the data of its 150 million European users across three data centers: two in Dublin and one in Norway, with full operation scheduled for April 2024.

Beginning on September 5, 2023, the NCC Group will have the authority to conduct a comprehensive data audit, ensuring that user information is only accessible to authorized personnel and is maintained in secure environments.

With these measures in place, TikTok, a platform particularly popular among young and middle-aged women, can finally breathe a sigh of relief, as it seeks to dispel allegations from Western media sources that suggest Chinese intelligence may be misusing and analyzing user-generated data for its own interests.

The post TikTok hires British Security firm to banish data security concerns appeared first on Cybersecurity Insiders.

The concerns raised by the United States regarding the use of TikTok on government-owned devices led to restrictions on its usage during the Trump administration. However, under President Joe Biden’s leadership, a comprehensive ban was implemented on the video messaging app owned by Zhang Yiming’s Chinese conglomerate ByteDance. The primary rationale behind this nationwide prohibition was rooted in national security considerations.

This move prompted several other nations to follow suit and impose bans on the Chinese mobile entertainment application. Notable instances include:

1.) Afghanistan – In 2022, TikTok was banned due to concerns about national security and its potential negative influence on the younger population. The ban was extended to include PUBG as well.

2.) Australia – TikTok was barred from use on federal devices.

3.) Belgium – Restricted usage only on federal devices.

4.) Canada – TikTok ban extended to government-issued devices.

5.) Denmark – The app was banned on all devices issued by the defense ministry.

6.) European Union – The European Parliament, European Commission, and EU Council prohibited the use of TikTok on devices owned by staff and lawmakers.

7.) France – Usage was banned on government-issued devices.

8.) India – A nationwide ban was implemented across all devices.

9.) Latvia – A ban was enforced on foreign ministry smartphones.

10.) Netherlands – The Dutch government issued a TikTok ban on its devices.

11.) New Zealand

12.) Norway

13.) Pakistan – A temporary ban was instituted.

14.) Taiwan

15.) Japan

16.) United Kingdom

17.) New York City – A region-wide ban on TikTok was implemented separately.

A study by the business research firm Bernstein revealed that the ban could potentially benefit other online service providers such as Meta, Snapchat, and Google. These platforms could see a significant increase in viewership for short-video content, translating into substantial advertising revenues of over $8 billion daily for each company.

In a related survey conducted by Reuters, it was found that more than half of American adults (approximately 53%) supported the idea of banning the Chinese-owned social media app. TikTok has amassed a staggering revenue of over $140 billion for the company to date.

However, this raises the question of what advantages enforcing a TikTok ban actually brings. Here are some points to consider:

a.) Opportunity for Other Platforms: The ban could prompt small companies to shift their marketing efforts to alternative platforms, benefiting different firms and diversifying revenue streams.

b.) Impact on Businesses: TikTok’s wide user base, particularly among younger audiences, has made it a powerful marketing tool for apparel and electronics companies. A ban could lead to revenue losses as they lose a valuable marketing channel.

c.) Complexity of Data Security: While data security and privacy are vital concerns, banning an application (with 1 billion active users worldwide) solely due to its Chinese origin may not be practical. The global electronics industry relies heavily on components manufactured in China, raising questions about the consistency of this approach.

In conclusion, the ban on TikTok, initiated by the United States and followed by other nations, has triggered a series of consequences affecting various sectors. The debate surrounding its benefits and implications continues to evolve, with considerations extending beyond national security to encompass economic and technological dimensions.

The post List of countries that issued TikTok ban due to data security concerns and benefits appeared first on Cybersecurity Insiders.