TikTok Tracks More than 10% of U.S. Websites Users via Its Analytics Tool

TikTok Tracks More than 10% of U.S. Websites Users via Its Analytics Tool
January 13, 2022
Reading time: 2 mins
More than 10 percent of all United States consumer websites have added a TikTok component to reinforce their marketing efforts, according to research from Reflectiz, the leader in digital asset and client-side protection. While TikTok was a relatively anonymous app in 2020, it grew exponentially in 2021.

TikTok experienced initial growth among the younger global population and has since attracted users of all ages. In light of that, many of the largest U.S. consumer-focused and global enterprises, retailers, and publishers have added TikTok to their mix of marketing channels. It has even surpassed Google in Cloudflare’s Web Traffic Ranking.

TikTok, like other tools, is actively tracking user behavior, analyzing their activities, location, past website visits, and cookies.

Unlike Google or Facebook, a major issue with TikTok is that the control is somewhat “gray.” It is owned by ByteDance, a very influential company in China. It is common knowledge in the cybersecurity world that Chinese threat actors are very active in cyberespionage for both political and financial gain. To put this plainly: U.S. enterprises that have implemented TikTok components in their website may have granted a Chinese entity open access to their users’ private data, while never knowing what the entity is actually doing with the information.

The threat that most people might miss is that even if the user doesn’t use TikTok, the simple fact that the person is browsing a website that includes a TikTok-owned component means that it gathers their personal information. Not only that, but even businesses with strict privacy and security policies are unknowingly exposing their own users’ PII (e.g., UserAgent, IP address, etc.) once they visit websites that have implemented TikTok components. According to BuiltWith, TikTok has shown exponential growth in popularity during the recent year, making it a very attractive target for Chinese threat actors.

“The problem with TikTok is that it is very hard to trace what they are doing with your customers’ data,” said Ysrael Gurt, CTO & co-founder of Reflectiz. “It’s common to have tags and trackers on a website, but we can’t really know what they do with the data they collected. However, we do know that TikTok already has the technical and personal data about most of the internet users right now, so the question that remains is: Who has access to this data, and how will they use it?”

“It’s important to remember that even free tools are paid with the users’ data – your website users’ data,” he adds. “In this instance, websites all across the U.S. are paying with their user’s data to a Chinese enterprise, never knowing where this information will end up.”

 

This article was originally published at Global Security Mag on January 13, 2022.

Get Free Website Risk Detection!

Learn how to control your third-party apps and avoid the next website supply-chain attack

Start for free

You might also like

TikTok Tracks More than 10% of U.S. Websites Users via Its Analytics Tool

TikTok is Taking Over

January 13, 2022
Reading time: 2 mins
Infiltrating Internal Networks with Log4Shell

Infiltrating Internal Networks with Log4Shell

January 3, 2022
Reading time: 3 mins
Reflectiz’s Website Security Platform Expands NessPRO’s Cyber Protection Basket

Reflectiz and NessPRO Partnership

December 21, 2021
Reading time: 2 mins

Subscribe to us