The popular social media app TikTok has a vulnerability that security experts

 from Imperva have discovered that might have enabled threat actors to steal personal information 

victims' devices for use in identity theft attacks, phishing schemes, or extortion.

The app's handling of incoming messages was where the vulnerability was discovered, which has already been addressed. 

The attackers may send a malicious message to the TikTok web service through the PostMessage API, 

bypassing any security protections, according to the researchers who described the technique. 

But it didn't take long for Musk to start implementing his new account verification policy,