Illustration: Aïda Amer/Axios

TikTok patched multiple holes in its security at the end of 2019 that had left the video-sharing app's accounts, videos and user information potentially exposed for most of the year, as detailed in a new report from cybersecurity research firm CheckPoint.

Why it matters: No personal data was found to be compromised, but this report provides some of the first in-depth details of security risks faced by TikTok — which is under the microscope as lawmakers criticize its Chinese ownership.

  • "We did prove that it was possible for a hacker to actually gain sensitive information," CheckPoint's Ekram Ahmed said, adding that the company has not yet found specific evidence of personal data breaches.

The big picture: TikTok's exposure depended on vulnerabilities in SMS text messaging that have confounded many other social media platforms and mobile services.

Details: CheckPoint found that attackers could delete a user's videos, create a video from a user's account, make private videos public, and scrape a user's sensitive information — like their email address, payment information or birthday.

  • TikTok implemented fixes for these issues within 30 days of CheckPoint alerting the app in late November, spokespeople for both companies told Axios.

“TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero day vulnerabilities to us. Before public disclosure, CheckPoint agreed that all reported issues were patched in the latest version of our app. We hope that this successful resolution will encourage future collaboration with security researchers.”
— Luke Deshotels, TikTok Security Team
