A U.K. security agency warned TikTok about the exploited vulnerability more than a year earlier, but the company chose not to fix it.eeks before Turkey’s authoritarian president, Recep Tayyip Erdoğan, eked out a narrow reelection in May, TikTok’s acting security chief, Kim Albarella, received a piece of bad news: As many as 700,000 TikTok accounts in Turkey had been compromised by a hack that allowed attackers to access users’ private information and control their accounts.
In layman’s terms, greyrouting means sending SMS text messages through unsecured channels in order to bypass fees established by international telecommunications agreements. Using greyroutes can save companies money and help them avoid guardrails like rate limits and anti-spam detection, but doing so can compromise messages’ security, making them vulnerable to interception.
Alex Stamos, director of the Stanford Internet Observatory and former security chief for Facebook, cautioned that without more information, it’s hard to know how significant the breach was. “This could range from a super advanced spam attack to a state actor,” he said. “If you’d just told me 700,000 accounts, I’d tell you that’s a Wednesday.