The minimum age for livestreaming on TikTok will increase from 16 to 18 starting the next month. Some were earning up to $1,000 (£900) each hour, while TikTok took up to 70% of their withdrawals. According to TikTok, in the future, only adults would be able to “use monetisation tools or send virtual presents.” Additionally, users will be able to host adult-only livestreams “in the coming weeks.” However, it’s unclear how TikTok will carry out these age limitations. Both Google, which owns YouTube, and Meta, which owns Facebook and Instagram, have age restrictions on uploaded content and a minimum livestreaming age of 13.
TikTok’s rules say you must not directly solicit for gifts and must “prevent the harm, endangerment or exploitation” of minors on the platform.
When News BBC used the in-app system to report 30 accounts featuring children begging, TikTok said there had been no violation of its policies in any of the cases. After BBC News contacted TikTok directly for comment, the company banned all of the accounts.
Until now, most public commentary has focused on the risk that hackers would use stolen data to access bank accounts. The Sydney Morning Herald reported that it obtained a message from a person claiming to be the Medibank hacker threatening to publish medical records of high-profile individuals unless the person were paid.
“What we have here is … healthcare information and that just on its own being made public can cause immense harm to Australians and that’s why we are so engaged with this,” Cybersecurity Minister Clare O’Neill told the Australian Broadcasting Corp.
Cybersecurity experts said it was unclear whether the data breach disclosures were related, given the varied nature of the attacks, but the publicity generated by the Optus attack may have drawn attention in hacker networks.
“When you do have a highly visible breach like Optus in Australia out there, hackers take notice of that and go ‘maybe I’ll have a go down there and see what I can get away with,'” said Jeremy Kirk, executive editor at Information Security Media Group, a cybersecurity specialist publication.
Larger Optus rival Telstra Corp Ltd has disclosed a small breach of employee data, while No. 1 grocery chain Woolworths Group Ltd said an unidentified party gained unauthorised access to the customer database of a bargain website used by 2.2 million shoppers.
The high-profile data breaches show the importance of multi-factor authentication – where a person uses a code sent to a separate device to log in – at every level of a company’s network, said Sanjay Jha, chief scientist for the University of New South Wales Institute for Cybersecurity.
“Maybe for end users they have done it, but for internal servers they should have even more stringent control,” Jha told Reuters by phone.
“You need continuous authentication so that people don’t log in and leave it forever, and then attackers can compromise your system,” he added.
Dan Woods, a former FBI cyberterrorism investigator who is now head of intelligence at cybersecurity firm F5, said Australia had “undoubtedly experienced its worst few weeks from a cybercrime perspective, but on the positive side it’s been a wake-up call the country may have needed”.