New Warning Issued As Zero Day Bug Hijacks Top Brand And Celebrity Accounts On TikTok (Updated)

TikTok is facing a new malicious code situation that is hijacking high-profile accounts on the app.

A leading number of official accounts belonging to both celebrities and brands were said to be compromised already including the likes of CNN as well as reality TV star Paris Hilton.

The incident arose when the malware was sent via a DM to the account present on the platform. It’s easy to be fooled as this doesn’t need any form of prior installation, clicks, or even a reply from respective users that’s beyond opening up messages.

Meanwhile, any account that’s compromised along the way isn’t able to publish content and so far, the company is not aware of the figure of users impacted so far.

The company’s rep was quick to speak up on the matter, adding how their security team is very aware of the alarming situation and doing everything they can to stop the exploitation and targeting of so many accounts.

They are also installing the right safeguards to prevent such attacks from arising in the future, it added. The company also mentioned working on how to protect compromised accounts, although they did clarify that the figures of those impacted are minimal.

The goal right now appears to be working alongside compromised accounts and ensuring their access gets restored as quickly as possible.

Today, TikTok has a global user base expanding to more than one billion users.

As far as leading news broadcaster CNN is concerned, they have also released a new statement on this front including how their security team is well aware of the situation and how threat actors are on the rise.

TikTok’s spokesperson said it’s working closely with CNN to ensure restoration of access and implementation of the best security measures to make sure accounts in the future don’t get impacted like this again.

They are dedicated to ensuring platform integrity is maintained at all times and that monitoring of more inauthentic behavior continues. It is not clear right now if the situation is under control or if threat actors continue to impact high-profile accounts.

Even those impacted are yet to speak about this in public including Paris Hilton who is said to be a popular name on the app.

This is not the first time that we’ve seen TikTok get embattled in such hacking behavior.

Last year during a similar time, the app went as far as to acknowledge how close to 700k accounts were hacked due to improper security across the app’s SMS channels linked to 2FA logins. This was right before the elections in Turkey were ready to take center stage.

Before that, we saw another serious vulnerability on the platform that forced hackers to take over profiles via a simple click. This was unveiled by researchers at Microsoft who made the company aware of the alarming situation.

On Tuesday, this shocking incident caused CNN to remove its account on TikTok for a while as a backend solution was being devised, in addition to other security measures.

We already know how America has scrutinized and called out TikTok as a growing concern for the country’s national security. This is why it’s been given a deadline to break away from its roots in China as many strongly feel Americans are being spied upon by Chinese government officials.

For now, no decision has been taken on separation from parent firm ByteDance but it’s quite clear from this situation that TikTok has its guard up and will do everything to ensure such a matter does not arise anything soon as the world watches.

Update on June, 06, 2024: TikTok has claimed that it has addressed the vulnerability responsible for the recent cyberattack, which allowed hackers to take over accounts simply by opening a private message containing malware. TikTok reassures users that such attacks are rare and unlikely to affect the average user. The company is actively collaborating with affected account owners to restore access. Notably, only two accounts have been identified as targets in this attack so far.

Image: DIW-Aigen

Read next: The Role of AI and Machine Learning in Modern Cyber Defense
Previous Post Next Post