TikTok's zero-day vulnerability hijacks celebrity and brand accounts

TikTok has confirmed a zero-day vulnerability that attackers have exploited to hijack several celebrity and brand accounts. The attackers exploited an unspecified vulnerability in the social media app's direct messaging (DM) feature. The company managed to stop the attack, but not before a few major accounts fell prey to it.

TikTok's zero-day vulnerability has compromised a number of major accounts

Zero-day vulnerabilities are security flaws for which no official patch exists or for which no public information about the flaw is available. In this case, a vulnerability in TikTok's DM feature allowed attackers to hijack accounts simply by sending a message. The target only needs to open the malicious message; the exploit requires neither downloading a file nor clicking a link. Opening the message is enough to hand the account over to the attacker.

Over the past week, attackers have taken advantage of this vulnerability to hijack several prominent TikTok accounts, including accounts from Sony, CNN, and Paris Hilton. CNN was reportedly the first account to fall prey to the attack. The compromised accounts were then temporarily deleted, either by TikTok or by the account holders, to prevent misuse. At the time of writing, TikTok does not appear to have patched the vulnerability, but the attack has been stopped.

“Our security team is aware of a possible exploit targeting a number of brand and celebrity accounts,” TikTok spokesperson Alex Haurek said in a statement to Forbes. “We have taken steps to stop this attack and prevent it from happening in the future. We are working directly with affected account owners to restore access, if necessary.” Haurek did not specify the number of compromised accounts, but said it was “a very small number.”

TikTok has also not yet provided details about the vulnerability that allowed attackers to hijack accounts so easily. It likely won't share more details until the bug is fixed, which is standard practice for zero-day vulnerabilities: details are withheld until the majority of users have installed the patch. Hopefully the temporary safeguards against the flaw are strong enough to prevent further attacks. In the meantime, TikTok users should avoid opening suspicious DMs.

TikTok has repeatedly faced account takeovers in the past

This isn't the first time a TikTok vulnerability has led to account hijackings. The social media platform has faced similar attacks repeatedly in the past. Recently, a flaw in the Android app allowed attackers to quietly take over accounts with one tap. TikTok has had many other privacy issues as well. You should always keep the app updated and remain vigilant to avoid privacy and security issues. You can update the app from the Google Play Store.
