How do TikTok Leaks Affect Your Cybersecurity Posture?

What is going on with TikTok? Will 2025 see the U.S. government close the curtain on the infamous TikTok algorithm?

Despite its popularity, TikTok has been plagued by cybersecurity concerns in recent years. It’s also been scrutinized for its links with ByteDance, a Chinese company.

But what does this mean for everyday users and companies? How safe is TikTok? Let’s explore recent TikTok privacy incidents, its main cybersecurity risks, and actionable steps you can take to stay secure.

1. The backdrop: TikTok and cybersecurity

TikTok is one of the fastest-growing social media platforms, with over 1 billion active users. Its ‘foryoupage’ (fyp/ fypage) delivers a personalized sequence of TikTok videos that you can view and repost.

The content is based on your interests, with categories including entertainment, dance, memes, anime, and pranks. It also offers TikTok Shop, an e-commerce platform.

However, TikTok privacy concerns often hit the headlines. While all social media apps carry their own cybersecurity risks, TikTok stands out due to its unique geopolitical ties and ownership.

Graphic of TikTok videos from Fly High Media.

Timeline of TikTok security incidents

  • February 2019: After merging with the new TikTok platform, the app Musical.ly had to pay $5.7 million following FTC allegations that it had violated children’s privacy laws.
  • June 2020: India banned TikTok after a military clash on its border with China. Alongside privacy concerns, it stated, ‘Chinese apps pose a threat to India’s sovereignty and security.’ (It has banned over 500 Chinese apps to date.)
  • August 2020: TikTok faced a class action lawsuit over improper data processing for 89 million users, including facial recognition data.
  • June 2022: Chinese TikTok employees were revealed to have accessed American user data, with a key employee saying, “Everything is seen in China.”
  • December 2022: TikTok’s Chinese parent company, ByteDance, stated that four employees used the app to spy on reporters.
  • April 2023: British regulators fined TikTok £12.7 million for data law violations, including processing data of children under the age of 13.
  • March 2024: The United States House passed a bill that demanded TikTok’s Chinese owners sell the company, or be banned in America.
  • November 2024: Canadian authorities ordered TikTok to dissolve its operations in the country—but did not enforce a ban.

News video screenshot from The New York Times.

2. The main dangers of TikTok

Why are governing bodies like the US, UK and Canada so concerned about TikTok? Every app carries its own risks, but a particular list of TikTok security concerns stands out.

Extensive TikTok data collection

Does TikTok steal your information? While TikTok gathers a lot of data, including phone numbers, ultimately its data processing and behavioral tracking are similar to those of other social media apps.

However, what sets TikTok apart is its Chinese owners, ByteDance. Critics state that ByteDance is subject to China’s National Intelligence Law, obliging them to share user data—although TikTok denies this on their ‘Myths vs Facts’ web page.

Nonetheless, a huge amount of data is accessible, and it could potentially “allow China to create a full user portfolio for all its users,” according to Forbes.

An overview of TikTok’s signup page.

Information campaigns and large-scale influence

CybelAngel’s CISO, Todd Carroll, observed in a recent blog that, ‘Malicious state actors are all over social media.’ Chinese threat actors may have a particular interest in TikTok, due to its affiliations.

In an NPR podcast, experts cited the power of foreign influence on platforms like TikTok, where countries like China can run online information operations, such as ‘sowing doubts about US leadership and ultimately undermine democracy.’

With one-third of the adult population accessing news stories via TikTok, the US Department of Defense highlights the dangers of foreign nations using it as a platform to spread their own information campaigns.

For example, after the US bill to ban or force its sale, TikTok sent notifications to its users and asked them to, “Speak up now” or see their accounts banned, which led to congressional offices receiving countless phone calls.

A screenshot of the in app TikTok notification to users.

The risk of deepfakes and AI machine learning

A RAND report on the dangers of TikTok stated that, “The potential for extensive audiovisual data collection to facilitate advanced deepfake creation is a compelling and urgent reason to scrutinize foreign-controlled apps like TikTok.”

In the report, some critics suggest that TikTok’s video format offers the perfect training format for AI models—while the TikTok watermark makes it difficult for other tools to use the same content, essentially giving TikTok sole ownership of the data.

Deepfakes are realistic but fabricated video and audio files created by bots, TikTok creators, or threat actors. While there are legitimate uses for deepfakes, they can also be used to spread misinformation, destroy reputations, or orchestrate identity theft.

However, it should be noted that TikTok is also introducing watermarks for AI content. If this is implemented reliably, it should allow users to discern what’s real—and what’s fake.

TikTok account downloads and updates

There are also risks associated with the TikTok app itself.

Ultimately, TikTok users are downloading Chinese software onto their devices—and who can say whether future updates could contain malware or unethical terms and conditions?

Only IT experts, CISOs, and developers can know for sure. Everyone else must take a leap of faith—and hope that their personal data is in safe hands.

3. Protecting against TikTok risks

While all social media apps carry a certain level of risk, TikTok can pose some unique problems to any company or organization.

Are employees using TikTok on work devices? What data could TikTok access, directly or indirectly?

Here are some TikTok safety tips ‘foryou #fyp’:

  1. Policy recommendations: Specify whether social media apps, including TikTok, can be installed on Internet-connected devices used for work.
  2. Technical controls: Leverage tools like endpoint security and application control solutions to monitor and restrict risky app activity.
  3. Awareness and training: A simple mistake, like clicking on a malicious TikTok link, could have significant consequences. Training programs should emphasize vigilance and responsibility for both employees and members of your supply chain.
  4. EASM solutions: Invest in a cybersecurity solution that protects your public-facing assets, such as CybelAngel. This can help you to anticipate and prevent data breaches, ransomware, and other cyber incidents.

With the right measures in place, you can safeguard your cybersecurity posture and avoid being compromised via social media apps such as TikTok.
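One way to put the “monitor” half of tip 2 into practice, and to spot the vm.tiktok.com share-link format noted in the FAQ, is a suffix match over web proxy logs per work device. This is an added example, not CybelAngel’s code: the domain list, the four-column log format and the log lines are constructed assumptions.

```python
"""Flag TikTok app and share-link traffic per device in proxy logs."""
import re
from collections import defaultdict

# Assumed, illustrative domain list; a real deployment would pull this
# from a curated application-control or blocklist feed.
TIKTOK_DOMAINS = ("tiktok.com", "tiktokcdn.com", "tiktokv.com")
SHARE_LINK_HOST = "vm.tiktok.com"  # format of links shared from the app

# Constructed sample log: timestamp, device name, host, path
SAMPLE_LOG = """\
2025-01-10T09:01:02Z LAPTOP-042 www.tiktok.com /foryou
2025-01-10T09:01:05Z LAPTOP-042 vm.tiktok.com /ZMabc123/
2025-01-10T09:02:11Z LAPTOP-017 example.com /
2025-01-10T09:03:44Z LAPTOP-017 nottiktok.com /
2025-01-10T09:04:01Z LAPTOP-099 v16-webapp.tiktokcdn.com /video/abc.mp4
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<device>\S+) (?P<host>\S+) (?P<path>\S+)$")


def is_tiktok_host(host: str) -> bool:
    """Match the domain itself or any subdomain, never a bare substring
    (so 'nottiktok.com' is not a hit)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TIKTOK_DOMAINS)


def parse_line(line: str):
    """Return the log fields as a dict, or None for a malformed line."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def tiktok_activity(log_text: str) -> dict:
    """Per device: request count, share-link count and the hosts seen."""
    report = defaultdict(lambda: {"requests": 0, "share_links": 0, "hosts": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_tiktok_host(rec["host"]):
            continue
        host = rec["host"].lower()
        entry = report[rec["device"]]
        entry["requests"] += 1
        entry["hosts"].add(host)
        if host == SHARE_LINK_HOST:
            entry["share_links"] += 1
    return {dev: {**e, "hosts": sorted(e["hosts"])} for dev, e in report.items()}
```

Only devices with at least one matching request appear in the report, so an empty result means the policy is being followed for the logged period.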

TikTok leaks F.A.Q.

Q: Is TikTok safe to use?

Is TikTok dangerous? It all depends on your privacy tolerance. While TikTok collects significant data, so do other apps and ad profiling tools. The key is to use privacy settings, stay aware of permissions, and monitor your wider digital footprint.

Q: What happens if a government bans TikTok?

A TikTok ban could limit its availability but wouldn’t necessarily prevent determined users from accessing the app. Enterprises should prepare for TikTok risks regardless of government action.

Q: How does TikTok compare to other apps from a security perspective?

TikTok faces unique scrutiny due to its ownership, but other social media apps also pose significant privacy and security risks. The key is to evaluate each app individually.

Q: Should enterprises outright ban TikTok on employee devices?

This depends on your organization’s risk tolerance. For high-security environments, a TikTok ban may be prudent. For others, clear policies and technical controls may be enough.

A URL that follows the format vm.tiktok.com means that someone shared a TikTok video from the app.

Conclusion

Despite its recent controversies, TikTok isn’t going anywhere in 2025. Whether you’re a CISO or an IT manager, it’s vital to assess the app’s implications for your cybersecurity strategy.

But with the right policies, technical controls, and employee education, you can reduce TikTok security risks—whether they come from TikTok or any other social media app.

If you’d like to learn more about safeguarding your enterprise, contact CybelAngel for expert insights on external attack surface management (EASM).