High-Profile TikTok Accounts Compromised via Direct Messages
Leading social media platform TikTok has confirmed the hijacking of high-profile accounts on the platform by threat actors. Learn more about the takeover campaign and how it affects the video-sharing app’s users.

- Threat actors exploited a zero-day vulnerability in TikTok to take over major accounts such as Sony and CNN.
- The attacks used specially customized direct messages to compromise and access targeted accounts.
Threat actors hijacked high-profile TikTok accounts, including those of companies and celebrities, exploiting a zero-day vulnerability in the app’s direct messages feature. Following the attack, Sony and CNN accounts were temporarily taken down to prevent further abuse. The social media company released patches for the bug soon after, enabling the compromised accounts to become active again.
The bug exploited by the threat actors only required the user of the targeted account to open a direct message for the attacker to gain control of the account. There was no need to click an embedded link or download an attachment. A zero-click flaw of this kind makes account takeovers fairly easy for malicious users of the platform.
According to TikTok, only a few accounts were compromised before the patch was implemented. However, the company has not revealed details about how many users were affected or how the vulnerability was exploited.
This is not the first time TikTok users have faced such security issues. In the past few years, the company had to fix bugs that enabled account takeovers when the app was downloaded via third-party sources. It also had to fix bugs that allowed attackers to circumvent privacy protections to steal sensitive user information.
The breach highlights the growing threat of account takeover attacks and the need for governments and organizations to push for better safeguards to mitigate such risks.