Hackers Exploited TikTok Zero-Day Vulnerability to Hijack High-Profile Accounts
TikTok has confirmed that hackers exploited a zero-day vulnerability in its direct messaging (DM) feature to hijack several high-profile accounts.
The affected accounts include those of celebrities like Paris Hilton and major media organizations such as CNN and Sony. The attack, which has raised alarms about the platform's security measures, was first reported on June 4, 2024.
Zero-Day Vulnerability
The zero-day vulnerability allowed attackers to gain unauthorized access to accounts simply by sending a malicious message through TikTok's DM feature.
The exploit did not require the victims to download any payload or click on embedded links; merely opening the malicious message was sufficient to compromise the account.
This type of attack is particularly insidious because it leverages a previously unknown security flaw, giving developers no time to patch the vulnerability before it is exploited.
The breach resulted in the temporary shutdown of the affected accounts to prevent further misuse. CNN's account was reportedly the first to be hijacked, necessitating its removal from the platform for several days. Paris Hilton's account was also targeted, although it was not compromised, Semafor reports.
TikTok has since taken measures to stop the attack and prevent future occurrences. The company is working directly with the affected account owners to restore access and implement additional security measures.
Jason Grosse, a representative of TikTok's privacy and security team, stated that the company is collaborating with the affected users to mitigate the impact and ensure that such incidents do not recur.
However, TikTok has not disclosed the exact number of compromised accounts or detailed the specific nature of the vulnerability, citing security concerns.
The timing of the attack is particularly concerning given the upcoming U.S. presidential election. There are heightened fears that such vulnerabilities could be exploited to spread misinformation or disrupt the electoral process. CNN, for instance, has been working with TikTok to bolster its account security in anticipation of potential threats during the election season.
This incident is the latest in a series of security challenges for TikTok. In 2022, a hacker claimed to have stolen user data and source code from the platform, although TikTok denied these claims.
The platform has also faced scrutiny from U.S. lawmakers over concerns that the Chinese government could access user data, given TikTok's ownership by the Chinese tech giant ByteDance.
In response to these concerns, President Biden signed a bill in April 2024 requiring ByteDance to sell TikTok's U.S. operations or face a ban.
TikTok has a history of security vulnerabilities. In August 2022, Microsoft discovered a flaw in TikTok's Android app that allowed hackers to take over accounts with a single click.
Other vulnerabilities have included bypassing privacy protections and stealing private user data, such as phone numbers and user IDs. Despite these issues, TikTok remains one of the most popular social media platforms globally, with over 1 billion users.
For now, TikTok users, particularly those with high-profile accounts, are urged to remain vigilant and report any suspicious activity to the platform's security team. The company has assured its users that it is committed to protecting their data and preventing future breaches.
Source credit: cybersecuritynews.com