Multiple prominent TikTok accounts belonging to companies and celebrities were recently hijacked by attackers exploiting a zero-day vulnerability in the social media app’s direct messaging feature. Zero-day vulnerabilities are especially dangerous because they remain unknown to the vendor until an attack occurs, so no fix is available at the time of exploitation.
The Attack and Its Impact
So, who was targeted? Over the last week, TikTok accounts belonging to Paris Hilton, CNN (the first victim as reported by Semafor), and Sony were compromised and taken offline to stop further misuse.
According to Forbes, the attack requires only that the recipient open a malicious direct message; the victim does not need to download anything or click any links.
Response from TikTok
Alex Haurek, a spokesperson for TikTok, confirmed the issue to Forbes, stating, “Our security team is aware of a potential exploit targeting a number of brand and celebrity accounts. We have taken measures to stop this attack and prevent it from happening in the future. We’re working directly with affected account owners to restore access, if needed.”
Haurek also stated that the attackers compromised a relatively small number of TikTok accounts. However, the company has not disclosed the exact number of users affected and is withholding details about the vulnerability until the issue is resolved.
TikTok’s History of Account Takeovers
TikTok has faced several vulnerabilities affecting its users in recent years. The most notable incident was a flaw in the Android app identified by Microsoft in August 2022, which allowed hackers to seamlessly take over accounts with a single tap.
Earlier, TikTok addressed security issues that permitted hackers to circumvent the platform’s privacy settings and access sensitive user data such as phone numbers and user IDs.
Additionally, the company also patched vulnerabilities that let attackers hijack accounts created through third-party apps to manipulate the content of users’ videos as well as steal personal information.