A new zero-day vulnerability has been discovered in TikTok that has already led to the hacking of various celebrity and brand accounts on the platform, reportedly via the app's direct messages (DMs).
This latest attack has already affected a range of victims, and it required nothing more from the account holders than opening the message.
TikTok hack: New zero-day attack targets celebrity and brand accounts via direct messages
A new report from Forbes magazine details a recent sophisticated attack on TikTok that allowed accounts of celebrities, brands, businesses and more to be hacked via direct messages.
These accounts may have had hundreds or even thousands of messages, but exploiting the zero-day vulnerability allowed the attackers to access those profiles with little effort.
The new malware reportedly doesn't require any special action from the hackers, nor does it require any link to be clicked or opened, but it still gave the hackers mass access to accounts. Those reportedly compromised include companies like CNN and Sony, well-known business moguls, TV personalities and socialites like Paris Hilton, among others.
Fortunately, there were no unusual posts on these accounts and no other actions were reported on the part of the attackers, but the fact that their plans remain unknown is still a dangerous precedent.
TikTok zero day: Company is aware and currently working on a fix
Gizmodo reported that TikTok has already acknowledged the latest attack on users, which targeted brand and celebrity accounts on the platform. At this time, TikTok is taking appropriate measures to mitigate the attack and prevent a similar attack from happening again against other users on the platform.
Additionally, TikTok is already working directly with victims to restore access to their accounts.
TikTok security issues and problems
Previously, Microsoft discovered a “one-click” exploit in the Android version of TikTok that put users at risk, but a fix was quickly provided.
TikTok has faced a variety of attacks from threat actors, one of which centered around a massive data breach that gave attackers access to user records on the platform.
A hacking group claimed to have had access to TikTok's systems, but the company denied this, saying an investigation into the access found nothing.
Social media platforms have long been targets for various attack methods by threat actors as they hold personal and sensitive information of various users, celebrities, businesses, and ordinary people.
While the company has confirmed this latest zero-day attack on TikTok and is working with victims to restore access, it shows that this new attack is large-scale and has the potential to target nearly every user on the platform.
ⓒ 2024 TECHTIMES.com All rights reserved. Please do not reproduce without permission.