Tom’s Guide
Scott Younker

TikTok hit with malicious malware that’s taking over accounts — don’t open those DMs


TikTok’s no-good last few months continue with news that hackers have used malicious code to take over celebrity and brand accounts on TikTok. The official accounts of Sony, Paris Hilton and CNN have reportedly been impacted by the hack, according to a Forbes report.

The hackers responsible are sending malware via DMs on the app. Apparently, this malware doesn’t require victims to click any links or download software. Instead, all you have to do is open a DM with the malware present and your device will be infected.

The hack appears to be a “zero-day” attack, meaning that the bad actors learned of the vulnerability in TikTok’s code before the developers did, so the developers had zero days to prevent it.


The Semafor newsletter reported that CNN had to take the company’s account down. A spokesperson told Semafor that the company had been lax in cybersecurity. However, it sounds like the issue was off-site, probably because one of the dozens of CNN employees with access opened a DM, a regular part of managing a social media brand.

For now, it appears that hackers are going for brand and celebrity accounts like Paris Hilton. Average users probably won’t be affected, but to be safe, it would be best to avoid opening DMs until TikTok announces a repair or patch for the ongoing issue. 

TikTok does have a support page with suggestions on dealing with a hacked account. The usual suggestions presented include resetting the password, removing unknown devices and engaging two-factor authentication by adding your phone number. 

TikTok is no stranger to big hacks. Last year, over 700,000 accounts were hacked in Turkey because of poor two-factor authentication methods in the app. 

In 2022, Microsoft reported a vulnerability in the Android version of the TikTok app that would allow hackers to take over an account with one click of a specific link. 

Beyond hacking, TikTok is in an ongoing fight with the United States government to avoid getting banned in America. President Joe Biden signed a measure that requires TikTok parent company ByteDance to sell the company’s U.S. operations.

The ban is in place presumably to keep Americans’ private data out of the hands of the Chinese government.

Last month, ByteDance challenged the law in the U.S. Court of Appeals for the D.C. Circuit. That lawsuit is ongoing. 
