High-Profile TikTok Accounts Targeted in Rare Zero-Click Attack


Popular social media platform TikTok has patched a vulnerability that exposed high-profile accounts to a cyberattack, according to a recent Axios report. The company is currently working on restoring access to impacted users.

The attack involved malicious code embedded in direct messages. Upon opening the message, the code would hijack the targeted account. While the exact number of compromised accounts remains undisclosed, CNN and Paris Hilton were confirmed targets.

Unlike typical hacks, the compromised accounts didn’t exhibit any unusual activity during the takeover. TikTok has not yet revealed the motives behind the attack or the identity of the perpetrators. However, the company did confirm that this was a rare incident and likely not a significant threat to everyday users.

This particular attack falls under the category of a zero-click attack, meaning the compromise occurs simply by opening the message, without requiring any further action from the user. The method resembles that of zero-click spyware attacks, but with a key difference in its goal. Spyware attacks typically target high-profile figures in government or journalism for information gathering, whereas this attack aimed at complete account control for reasons yet unknown.

Unfortunately, this isn’t TikTok’s first brush with security vulnerabilities. Last year, over 700,000 accounts in Turkey were compromised due to unsecured SMS channels. In 2022, Microsoft researchers disclosed a one-click account takeover flaw, and later that same year an alleged data breach was reported to have impacted over a billion users.