from DION HENRICK in Cape Town
CAPE TOWN – LEADING technology companies have in recent days borne the brunt of cyber criminals seeking to compromise users’ accounts and steal sensitive data.
Samsung, the smart devices maker, and Tiktok, a global-known social media app, have come under attacks in recent days.
TikTok, with more than 1 billion users a month, makes it an enticing lure for cyber criminals who seek to compromise users’ accounts and steal sensitive data.
Reports indicate a potential breach of TikTok and alleged stealing of 2 billion database records.
“If the allegations on the Breach Forums message board are true, this could be a serious issue for many users,” said David Emm, principal security researcher at Kaspersky’s Global Research and Analysis Team (GReAT).
If alleged database records are user login credentials, the consequences can range from increased activity by attackers sending them spam or phishing messages, which already carries the risk of losing banking details and personal information, to even hacking into an account at TikTok.
Emm explained since many celebrities and bloggers use TikTok as their main source of communication with their audience, cyber criminals might be able to compromise them by publicizing private videos, sending messages and uploading videos on their behalf.
“The extent of the consequences depends on how the company handles passwords – if they are hashed and salted, it makes it much less likely,” he said.
Samsung has confirmed it suffered a data breach that led to the personal information of customers being leaked online.
Although Samsung did not disclose the number of users affected, many of their credentials are likely to end up on the dark web and will be sold to criminals for dirt-cheap prices, research by NordVPN indicated.
Emails and phone numbers on the illicit web are reportedly sold in batches for around $10 on average.
Names, birth dates and other details are sold as “fullz” – full personal identity data sets – and cost $24 on average per batch.
These batches are later used mostly for phishing attacks or other malicious purposes, such as tricking people into giving up their vulnerable information or even money,” explained Daniel Markuson, a cyber security expert at NordVPN.
Kaspersky recommended that TikTok users worried that their account credentials might have been compromised to change their passwords.
NordVPN gave similar advice to Samsung customers believing they might be affected.
– CAJ News