![TikTok's zero-day vulnerability hijacks celebrity and brand accounts](https://www.trendfeedworld.com/wp-content/uploads/2024/05/The-TikTok-Studio-app-is-here-to-help-content-creators.webp.webp)
TikTok has confirmed a zero-day vulnerability that attackers have exploited to hijack several celebrity and brand accounts. The attackers exploited an unspecified vulnerability in the social media app's direct messaging (DM) feature. The company managed to stop the attack, but not before a few major accounts fell prey to it.
TikTok's zero-day vulnerability has compromised a number of major accounts
Zero-day vulnerabilities are security flaws for which no official patch exists or for which no public information about the flaw is available. In this case, a vulnerability in TikTok's DM feature allowed attackers to hijack accounts by simply sending a message. The target only needs to open the malicious message. The exploit does not require downloading a file or clicking a link. Opening the message is enough for the attacker to take over the user's account.
Over the past week, attackers have taken advantage of this vulnerability to hijack several prominent TikTok accounts, including accounts from Sony, CNN, and Paris Hilton. CNN was reportedly the first account to fall prey to the attack. The compromised accounts were then temporarily deleted, either by TikTok or by the account holders, to prevent misuse. At the time of writing, TikTok does not appear to have patched the vulnerability, but the attack has been stopped.
“Our security team is aware of a possible exploit targeting a number of brand and celebrity accounts,” TikTok spokesperson Alex Haurek said in a statement to Forbes. “We have taken steps to stop this attack and prevent it from happening in the future. We are working directly with affected account owners to restore access, if necessary.” Haurek did not specify the number of compromised accounts, but said it was “a very small number.”
TikTok has also not yet provided details about the vulnerability that allowed attackers to hijack accounts so easily. It likely won't share more details until the bug is fixed. That is standard practice for zero-day vulnerabilities. Details will not be shared until the majority of users have installed the patch. Hopefully the temporary safeguards against the flaw are strong enough to prevent further attacks. TikTok users should avoid opening suspicious DMs.
TikTok has repeatedly faced account takeovers in the past
This isn't the first time a TikTok vulnerability has led to account hijackings. The social media platform has faced similar attacks repeatedly in the past. Recently, a flaw in the Android app allowed attackers to quietly take over accounts with one tap. TikTok has had many other privacy issues as well. You should always keep the app updated and remain vigilant to avoid privacy and security issues. You can update the app from the Google Play Store.