TikTok Direct Messages Compromise Influential Accounts
A TikTok direct messages vulnerability facilitated a zero-day attack, compromising several influential accounts.
- Merely opening the message was enough for the attackers to take over the accounts.
- The hacked TikTok accounts included high-profile ones belonging to CNN, Paris Hilton, and an official Sony brand account.
Attackers exploited a vulnerability in TikTok’s direct messages to hijack several high-profile TikTok accounts, possibly intending to spread political propaganda ahead of the elections.
The attack spread through TikTok’s direct messages. There was no link to click and no file to download; merely opening the message was enough for the malicious code to take over the account. While the list of victims has been kept under wraps, sources inside the company confirmed that CNN, Paris Hilton, and an official Sony brand account were affected.
TikTok spokesperson Alex Haurek acknowledged the potential exploit targeting brand and celebrity accounts.
“We have taken measures to stop this attack and prevent it from happening in the future,” Haurek said. “We’re working directly with affected account owners to restore access, if needed.”
A Zero-Day Attack
Imagine your software is a house. Regular cyber-attacks occur when you leave your back door open and malicious code sneaks in before you close it (the patch). With zero-day attacks, however, the attackers find an open door that you didn’t even know existed and keep it hidden from everyone. The malicious code comes in and wreaks havoc before you even know there’s a problem. Since you don’t know where it entered, you can’t simply close the door.
The same thing happened here. The attackers found a hidden door in TikTok’s direct messages and used it to spread their malicious code before the company realized that something was wrong. Had the company not nipped it in the bud, it could have been disastrous, as TikTok has about 1 billion monthly active users worldwide. It would have spread like wildfire: people have been taught not to click on or download from unverified links, but nothing has taught them that merely opening a direct message on TikTok could be dangerous.
Credibility Dodges a Bullet
Through the TikTok direct messages vulnerability, these malicious actors managed to take over influential profiles such as CNN’s. For as long as they held an account, they controlled what it published. And since CNN’s followers have no way of knowing that a short video is not actually ‘CNN approved,’ they are more likely to run with it. Now add the fact that this is an election year, and you’ve got a gun ready to fire and throw the public off kilter.
Sometimes the wrong thing from the right mouth can change the world.
Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Cybersecurity sections to stay informed and up-to-date with our daily articles.