TikTok has confirmed a zero-day vulnerability that attackers exploited to hijack several accounts belonging to celebrities and brands. The attackers exploited an unspecified security flaw in the social media app’s direct messages (DM) feature. The firm has managed to stop the attack but not before a few big accounts fell prey to it.
TikTok zero-day vulnerability compromised a few big accounts
Zero-day vulnerabilities are security flaws that do not have an official patch or lack public information detailing the flaw. In this case, a vulnerability in TikTok’s DM feature allowed attackers to hijack accounts by simply sending a message. The target only needs to open the malicious message. The exploit doesn’t require downloading any file or clicking any link. Opening the message is enough for a user to hand their accounts to the attacker.
Over the past week, attackers exploited this vulnerability to hijack several prominent TikTok accounts, including accounts belonging to Sony, CNN, and Paris Hilton. CNN was reportedly the first account to fall prey to the attack. The compromised accounts were subsequently taken down temporarily, either by TikTok or the account holders, to prevent abuse. As of this writing, TikTok doesn’t seem to have patched the vulnerability but it has stopped the attack.
“Our security team is aware of a potential exploit targeting a number of brand and celebrity accounts,” TikTok spokesperson Alex Haurek said in a statement to Forbes. “We have taken measures to stop this attack and prevent it from happening in the future. We’re working directly with affected account owners to restore access, if needed.” Haurek didn’t specify the number of accounts compromised but said it is “a very small number.”
TikTok also has yet to detail the vulnerability that allowed attackers to hijack accounts so easily. It probably won’t share more details until the flaw is patched. That’s the standard practice with zero-day vulnerabilities. Details aren’t shared until the majority of users have installed the patch. Hopefully, the temporary security measures against the flaw are strong enough to prevent further attacks. TikTok users should avoid opening suspicious DMs.
TikTok has suffered account takeovers on numerous occasions in the past
This isn’t the first time a TikTok vulnerability has led to account hijacks. The social media platform suffered similar attacks on numerous occasions in the past. Most recently, an Android app flaw allowed attackers to quietly take over accounts with a single tap. TikTok has also had many other privacy issues. You should always keep the app updated and stay vigilant to avoid privacy and security issues. You can update the app from the Google Play Store.
2024-06-05 15:07:20