Made with ♥ by Avi

High-Profile TikTok Accounts Targeted in Rare Zero-Click Attack

Popular social media platform TikTok has patched a vulnerability that exposed high-profile accounts to a cyberattack, according to a recent Axios report. The company is currently working on restoring access to impacted users.

The attack involved malicious code embedded in direct messages. Upon opening the message, the code would hijack the targeted account. While the exact number of compromised accounts remains undisclosed, CNN and Paris Hilton were confirmed targets.

Unlike typical hacks, the compromised accounts didn’t exhibit any unusual activity during the takeover. The motives behind the attack and the identity of the perpetrators are yet to be revealed by TikTok. However, they did confirm this was a rare incident and likely not a significant threat to everyday users.

This particular attack falls under the category of a zero-click attack, meaning infection occurs simply by opening the message, without requiring any further action from the user. The method employed here resembles zero-click spyware attacks, but with a key difference in targets. Spyware attacks typically target high-profile figures in government or journalism for information gathering, whereas this attack aimed at complete account control for reasons yet unknown.

Unfortunately, this isn’t TikTok’s first brush with security vulnerabilities. Last year, over 700,000 accounts in Turkey were compromised due to unsecured SMS channels. Additionally, a 2022 discovery by Microsoft researchers revealed a one-click account takeover flaw, followed by an alleged data breach impacting over a billion users later that same year.
