Popular video-sharing platform TikTok has acknowledged a security issue that threat actors exploited to take over high-profile accounts on the platform.
The issue was first reported by Semafor and Forbes, which described zero-click account takeover campaigns that compromised the accounts of brands and celebrities through malware delivered via direct messages, with no click or other action required from the victim.
It's unclear at this time how many users were affected, but a TikTok spokesperson said the company thwarted the attack and has taken preventative measures to stop something like this from happening in the future.
The company further said it was working directly with affected account holders to restore access and that the attack only affected a “very small number” of users, without providing details about the nature of the attack or the mitigation techniques it employed.
This isn't the first time the popular service has had security issues: In January 2021, Check Point published details of a flaw in TikTok that could have allowed attackers to build a database of the app's users and their phone numbers to use for future malicious activity.
Then, in September 2022, Microsoft discovered a one-click vulnerability affecting TikTok's Android app that could allow an attacker to take over an account if the victim clicked on a specially crafted link.
And that's not all: up to 700,000 TikTok accounts were found to have been compromised in Turkey last year after reports emerged that grey routing of SMS messages through insecure channels allowed attackers to intercept one-time passwords and access TikTok users' accounts to gain more likes and followers.
Bad actors have used TikTok's Invisible Challenge to distribute information-stealing malware, highlighting ongoing efforts by attackers to spread malware through unconventional means.
TikTok's origins in China have raised concerns that the app could be used to collect sensitive information about U.S. users and promote propaganda, ultimately leading to the passage of legislation banning the video app in the country unless it was sold by ByteDance.
Last month, the social media giant filed a lawsuit in the U.S. challenging the law, arguing it was an “extraordinary infringement of free speech” and that the U.S. had only presented “speculative concerns” to justify the ban.
Other countries including India, Nepal, Senegal, Somalia and Kyrgyzstan have also imposed similar bans on TikTok, while several other countries including the U.S., U.K., Canada, Australia and New Zealand have banned the app on government devices.