A "high severity" security flaw in TikTok's Android app could have exposed hundreds of millions of users to hackers through the simple click of a specially crafted link.
According to a blog post by Microsoft's Defender 365 research team, the vulnerability would have allowed hackers to hijack users' accounts without their knowledge and modify their TikTok profiles and sensitive information, such as publicizing private videos, sending messages and uploading videos on behalf of users.
In a proof of concept attack, Microsoft researchers were able to create a crafted link that was sent to a TikTok user. Once the targeted user clicked the link, researchers were able to change the TikTok account's bio to read "SECURITY BREACH."
Microsoft's vulnerability assessment determined the issue was present in all global versions of TikTok's Android app, which has over 1.5 billion installations combined via the Google Play Store.
Microsoft says that the vulnerability has been fixed and that it "did not locate any evidence of in-the-wild exploitation."
The tech giant disclosed the vulnerability to the Chinese-owned social media app in February and an updated version of the app was released less than a month after the initial disclosure.
"Through our partnership with security researchers at Microsoft, we discovered and quickly fixed a vulnerability in some older versions of the Android app," a TikTok spokesperson told FOX Business. "We appreciate the Microsoft researchers for their efforts to help identify potential issues so we can resolve them."
The discovery comes after FCC Commissioner Brendan Carr urged Apple and Google to remove TikTok from their app stores, claiming it poses "an unacceptable national security risk" due to "extensive data harvesting." Carr cited a BuzzFeed News report that claimed that American users' data has been repeatedly accessed by China-based employees of ByteDance, Tiktok's parent company.
In July, Sens. Marco Rubio and Mark Warner penned a letter to Federal Trade Commission Chairwoman Lina Khan asking her to investigate TikTok and ByteDance's data security, processing and corporate governance practices. In August, Chief Administrative Officer of the House Catherine Szpindor issued an advisory discouraging lawmakers from using Tiktok.
TikTok has surpassed 1 billion monthly active users globally.