Outsourcing datum to the cloud servers is more and more popular for most data owners and enterprises. However, how to ensure the outsourced datum to be kept secure is very important. Especially, how to check the outsourced datum's integrity is a very challenge problem. Until now, there are many cryptographic protocols proposed to solve this problem, such as (dynamic) provable data position protocol, (dynamic) proof of retrievability protocol, etc. Recently, Tian et al proposed a dynamic-hash-table-based public auditing scheme for secure cloud storage, which aims at simultaneously supporting secure dynamic data updating and secure public auditing for cloud storage. However, we find a security flaw in this protocol; concretely, the signature algorithm for the data blocks in their protocol is not secure; the cloud servers can easily modify the outsourced data blocks without detecting. Finally, we give a new protocol by using homomorphic tags based on their protocol and roughly analysis its security. © 2019 John Wiley & Sons, Ltd.