In the lead-up to Turkish President Recep Tayyip Erdoğan's narrow reelection victory in May, TikTok, the popular social media platform, encountered a serious security breach that compromised as many as 700,000 user accounts in Turkey. The breach, revealed through internal emails and chat logs, exposed a vulnerability stemming from TikTok's use of "greyrouting" for SMS messages, leaving accounts susceptible to attack. Forbes reports.
Greyrouting involves sending SMS text messages through unsecured channels to bypass international telecommunications fees, saving companies money but compromising message security. TikTok's security chief, Roland Cloutier, received a warning from the U.K.'s National Cyber Security Centre in April 2022, alerting the company to potential risks posed by this practice, including unauthorized access to users' accounts through intercepted one-time passwords.
Despite being aware of the vulnerability, TikTok chose not to change its SMS message providers to avoid incurring significant expenses each month. The breach, described as the largest known compromise of TikTok accounts acknowledged by the company, raised concerns about the platform's data security practices and its responsibility as one of the world's most popular apps.
The company's spokesperson, Alex Haurek, denied claims of a hack, stating that no internal systems were compromised, and no company data was stolen. TikTok attributed the unusual activity to inauthentic behavior and took immediate measures to reverse and terminate it while assisting affected users in securing their accounts. Haurek also emphasized that TikTok's internal investigation found no evidence linking the breach to the Turkish elections.
TikTok and its parent company, ByteDance, have faced heightened scrutiny regarding their data security practices and potential ties to the Chinese state. Recent revelations exposed that sensitive financial information from thousands of U.S. vendors and creators was stored in China, contrary to previous assurances from TikTok's CEO. Additionally, ByteDance is under federal investigation for allegedly using the TikTok app to spy on journalists.
Share Your Thoughts