Illustration: Aïda Amer/Axios

TikTok patched multiple holes in its security at the end of 2019 that had left the video sharing app's accounts, videos and user information potentially exposed for most of the year, as detailed in a new report from cybersecurity research firm CheckPoint.

Why it matters: No personal data was found to be compromised, but this report provides some of the first in-depth details of security risks faced by TikTok — which is under the microscope as lawmakers criticize its Chinese ownership.

  • "We did prove that it was possible for a hacker to actually gain sensitive information," CheckPoint's Ekram Ahmed said, adding that the company has not yet found specific evidence of personal data breaches.

The big picture: TikTok's exposure depended on vulnerabilities in SMS text messaging that have confounded many other social media platforms and mobile services.

Details: CheckPoint found that attackers could delete a user's videos, create a video from a user's account, make private videos public, and scrape a user's sensitive information — like their email address, payment information or birthday.

  • TikTok implemented fixes for these issues within 30 days of CheckPoint alerting the app in late November, spokespeople for both companies told Axios.
“TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero day vulnerabilities to us. Before public disclosure, CheckPoint agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers."
— Luke Deshotels, TikTok Security Team

Go deeper: TikTok's rise lands it in critics' crosshairs

Go deeper

Updated 12 mins ago - Politics & Policy

Ruth Bader Ginsburg will lie in state in Capitol's National Statuary Hall

Photo: Getty Images

House Speaker Nancy Pelosi announced Monday that the late Supreme Court Justice Ruth Bader Ginsburg will lie in state in the Capitol's National Statuary Hall on Friday, making Ginsburg the first woman to ever receive the honor.

The state of play: The Supreme Court also announced Monday that Ginsburg will lie in repose on the front steps of the building on Wednesday and Thursday, allowing the public to pay respects to the late justice outside.

24 mins ago - World

Trump announces new Iran sanctions in effort to maintain international arms embargo

Photo: Anna Moneymaker-Pool/Getty Images

President Trump signed an executive order on Monday that would impose sanctions on any person or entity that contributes to the supply, sale, or transfer of conventional arms to or from Iran or is engaged in providing training and financial support related to those weapons.

Why it matters: The executive order is the first step by the Trump administration to put teeth into its claim that international sanctions on Iran were restored over the weekend, one month after the U.S. initiated the "snapback" process under a United Nations Security Council resolution.

Exclusive: Conservative group launches $2M Supreme Court ad

Screengrab of ad, courtesy of Judicial Crisis Network.

The Judicial Crisis Network is launching a $2.2 million ad campaign to put pressure on vulnerable Senate Republicans in battleground states to support a quick confirmation when President Trump announces his Supreme Court nominee.

The big picture: "Follow Precedent," previewed by Axios, is one of the first national and cable television ads to run following Justice Ruth Bader Ginsberg's death Friday.