Notice the file left in there by a previous explorer of the internet. This gentleman has even found RCE exploits with TikTok, and they simply do not and will not respond to their security line. Olivia Newton at NBC I believe even reached out, and she could not get them to get back to her. I forwarded this (really another bucket of equal content still lurking out there) several times to Brian Krebs but he never responded. I only mention his name because it has happened before and find it somewhat damaging to the community and it needs to be called out (with full acknowledgement that journalists get hit up by PR ppl all the time and it’s a tough job).
Just because the bucket says "tiktok" in the name, doesn't mean it's in any way associated with them. This appears to be ~1000 videos, anything particularly interesting about it?
(My company gets many such reports; sadly researchers often strongly insist otherwise)
It is associated with name. A domain held by them had a link record that pointed to this bucket. Also previous acquisitions of TikTok have buckets, currently open, and those have metadata which shows ownership.
Either way, TikTok won’t even respond, which is very sad and absolutely deserves a response so the few researchers don’t have to waste time following up.
NOTE: Your point makes sense though and I’ve run into this before. 100% agree with you and I should have mentioned the anchor link found.
Do you want to email me? You can find it if you have a SecurityTrails subscription, but that is like $500 a month also. I assume you mean the CNAME record, right??