Zero-day exploit used to hack high-profile TikTok accounts
Last week, attackers compromised numerous official TikTok accounts of high-profile brands and celebrities, such as CNN, Sony and Paris Hilton.
The hackers used a zero-day exploit to hijack the accounts. According to Forbes, the attackers were able to take over the TikTok accounts simply by sending a direct message (DM). Delivering the malware did not require the recipient to download malicious software, click on a suspicious URL or take any other action.
How many TikTok accounts were hacked by using this method is unknown. Sources tell Forbes that CNN, Sony and Paris Hilton fell victim to this zero-day exploit.
Alex Haurek, spokesperson at TikTok, claims that a ‘very small’ number of accounts were compromised. “Our security team is aware of a potential exploit targeting a number of brand and celebrity accounts. We have taken measures to stop this attack and prevent it from happening in the future. We’re working directly with affected account owners to restore access, if needed.”
About CNN specifically, Haurek said: “Our security team was recently alerted to malicious actors targeting CNN’s TikTok account. We have been collaborating closely with CNN to restore account access and implement enhanced security measures to safeguard their account moving forward.”
The spokesperson reiterates that TikTok is dedicated to maintaining the integrity of the platform and will continue to monitor for any suspicious activities. No details were disclosed regarding the zero-day exploit, because the underlying flaw hasn’t been fixed.
TikTok had to patch dangerous exploits several times
It isn’t the first time a dangerous vulnerability has had a potentially profound impact on TikTok users. In the summer of 2023, over 700,000 accounts in Turkey were compromised because the company used insecure SMS channels for its two-factor authentication (2FA).
In 2022, researchers at Microsoft found a way to take control of any TikTok account with a single click. In early 2021, TikTok had to fix a security bug that allowed attackers to bypass the platform’s privacy protection measures and steal private user information, including telephone numbers.
And back in 2020, the company patched vulnerabilities that enabled hackers to hijack accounts of users who signed up via third-party apps.