How to stay safe in the wake of the TikTok hack

In the past weeks Uber has learned that its systems were attacked by an 18-year-old hacker.

It is unclear what the specific intent or objective of the attack was, however shortly after the first rumors Uber began to acknowledge it was investigating security incidents.

What has been revealed is that social engineering was used to convince an employee to share access with the attacker. From there, various file systems were examined until the attacker found a set of scripts, or small programs used in automation, that provided account credentials.

In this instance, Uber was quick to share information about its investigation and some of the efforts it was undertaking to address and research the concerns.

The Federal Trade Commission publishes a guide, called “Data Breach Response,” which provides a good guide for general business practices, while the Cybersecurity and Infrastructure Security Agency — cisa.gov — offers more in depth technical response guidelines and training on their website under Cyber Incident Response.

Comparing this to the announcement earlier this month of a potential TikTok data breach that involved more than 2 billion users is a stark reminder of the constant threat that IT systems and its users face.

While not all of the details of the alleged TikTok attack are known — and with TikTok denying that an incident has even taken place — several sample files have been leaked. Those claiming responsibility for the alleged breach also have shared a bit about their attack vector.

It currently is alleged that the source code, or the actual programming behind the application we see, was stored in a less secure method on a cloud provider.

In the past year many companies have established presence on the platform, recognizing its value as a marketing tool.

However, this isn’t the first time the popular application has been under scrutiny. Even in 2020 the U.S. government was warning about the risk of this product.

Microsoft recently shared vulnerabilities that existed in the Android app. Further independent researchers have assessed the amount of data the application records, even when it is not active, and expressed privacy concerns.

There are a few things that users should do to mitigate risks associated with products like this:

If you have an account that may be affected by a security incident either confirmed or alleged, it’s highly advised you change your password, configure two-factor authentication and — if you have used that password elsewhere — create unique passwords for those accounts.

For those who develop software, too often we see attacks such as this in which code has been stored insecurely. Make sure to audit your access and permissions frequently on any platforms you use to develop code.

Configure alerts for large file transfers on your networks and invest in quality IDS/IPS products.

And make sure that the entire supply chain, including any subcontractors or partners, adheres to the same level of security as your organization.

Dan Tuuri is NewBoCo’s DeltaV IT and cybersecurity instructor.