Published in End-Point-Security · 18 May 2023
Early in 2023, Litecom, thru it's Remote Management and Monitoring Service, which uses an AI Security Agent, discovered TikTok code embedded in various companies web sites. Litecom discovered the users information was being relayed to TikTok. This was very alarming. Whom had dropped this code onto companies web sites and why?
Litecom began to investigate this finding.
First, let us go over Litecom's End-Point-Security. Coupled with a Hybrid / AI engine, it monitors computer activity and connections whether the user is active or not. Among many things, it monitors what occurs when you arrive at a web site and what may be occurring in the background.
So, what we discovered is, as a user arrives at a web site, our Security Agent detected another pathway being opened by the site, directing the user information to TikTok as analytics information. We notified some of these companies.
After a bit of time, some admitted they inserted the code themselves. This is known as a TikTok Pixel. TikTok Pixel is a tracking pixel code on your website to track conversion events. It also helps advertisers track user behavior on their website after clicking on a TikTok ad. It is similar to the tracking pixels used by other social media platforms, such as Facebook Pixel. In our case analysis, there is no advertising, just user data harvesting of some depth.
Some information collected can be, first and last name, your phone number, email, your computer name.
So, if your computer protection is lacking, as most are, this transfer is taking place without your knowledge. Our Security Agent notifies the user on their screen the transfer was blocked.
We are listing some sites which as of 5/18/23 have had this code inserted.
- Fossil Watches
- Square Card
- Ray-Ban sunglasses
- Jack in the Box
We found similar results for Instagram. Sites as of 5/18/23