TikTok, the popular social media platform, faced a major security breach in Turkey weeks before the country's hotly contested election in May. The breach, which compromised up to 700,000 TikTok accounts in Turkey, allowed attackers to access users' private information and take control of their accounts, as per a report from Forbes.

The company had been made aware of the vulnerability more than a year earlier, in April 2022, when TikTok's security chief, Roland Cloutier, received an alarming email from the U.K.'s National Cyber Security Centre, a division of GCHQ, the nation's top intelligence agency. The email warned that TikTok's practice of "grey routing" SMS messages through insecure channels could leave the platform exposed to potential threats from "SIM farms" in Russia and other countries. These attackers could potentially request and intercept one-time passwords to gain unauthorised access to TikTok users' accounts.

What is Grey routing?

Grey routing involves sending SMS text messages through unsecured channels, allowing companies to bypass fees set by international telecommunications agreements and avoid rate limits and anti-spam detection. While this can be cost-effective, it poses significant security risks, making messages susceptible to interception.

Who was behind the hack?

However, it remains unclear who took advantage of the vulnerability in Turkey. The country's president, Recep Tayyip Erdoğan, has faced criticism for his government's use of state-sponsored troll networks to intimidate journalists and critics. In the lead-up to the May election, Erdoğan reportedly employed deepfakes and censorship as part of his strategy to sway voters in his favor. Even Erdoğan's main opponent, Kemal Kilicdaroglu, accused Russia of disseminating false information during the election period.

TikTok's acting security chief, Kim Albarella, received news of the hack just before Erdoğan narrowly won reelection. This breach raises concerns about TikTok's security practices and highlights the potential risks associated with greyrouting, which can leave millions of users' personal data exposed to unauthorized access. As the platform continues to grow in popularity worldwide, it faces increasing scrutiny from regulators and users regarding the protection of user information and data privacy.