TikTok’s no-good last few months continue with news that hackers have used malicious code to take over celebrity and brand accounts on TikTok. The official accounts of Sony, Paris Hilton and CNN have reportedly been impacted by the hack, according to a Forbes report.
The hackers responsible are sending malware via DMs on the app. Apparently, this malware doesn’t require victims to click any links or download software. Instead, all you have to do is open a DM with the malware present and your device will be infected.
The hack appears to be a “zero-day” attack, meaning that the bad actors learned of the vulnerability in TikTok’s code before developers did, so the developers had zero days to prevent it.
The Semafor newsletter reported that CNN had to take the company’s account down. A spokesperson told Semafor that the company had been lax in cybersecurity. However, it sounds like the issue was off-site, probably because one of the dozens of CNN employees with access opened a DM, a regular part of managing a social media brand.
For now, it appears that hackers are going for brand and celebrity accounts like Paris Hilton. Average users probably won’t be affected, but to be safe, it would be best to avoid opening DMs until TikTok announces a repair or patch for the ongoing issue.
TikTok does have a support page with suggestions on dealing with a hacked account. The usual suggestions presented include resetting the password, removing unknown devices and engaging two-factor authentication by adding your phone number.
TikTok is no stranger to big hacks. Last year, over 700,000 accounts were hacked in Turkey because of poor two-factor authentication methods in the app.
In 2022, Microsoft reported a vulnerability in the Android version of the TikTok app that would allow hackers to take over an account with one click of a specific link.
Beyond hacking, TikTok is in an ongoing fight with the United States government to avoid getting banned in America. President Joe Biden signed a measure that requires TikTok parent company ByteDance to sell the company’s U.S. operations.
The ban is in place presumably to keep Americans’ private data out of the hands of the Chinese government.
Last month, ByteDance challenged the law in the U.S. Court of Appeals for the D.C. Circuit. That lawsuit is ongoing.