TikTok is having a tough time, and hackers are working hard to add to its misery. A malicious code took over accounts on TikTok and compromised the official presence of celebrities and brands, including Paris Hilton and CNN.
The hackers behind this sent malware via direct messages (DMs) on the platform. Users didn’t have to click any links or download any files to get hacked. Just opening the message was enough for a device to be infected.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
What you need to know about TikTok DMs exploit
Hackers are apparently targeting high-profile TikTok accounts. So far, accounts including CNN, Sony, and Paris Hilton have been targeted. CNN was the first account that got hacked, and it was reportedly down for several days after the incident.
The attack reportedly happens without the account owner needing to click on or open anything—known as a zero-click attack. All they need to do is open a DM, and the account can be taken over, leaving the rightful owner locked out. The vulnerability might lie in how content is processed when a DM is opened. Similar weaknesses have been identified before, such as vulnerabilities in the Chromium browser triggered by fabricated images.
We reached out to TikTok, and a spokesperson provided this statement to CyberGuy,
Our security team is aware of a potential exploit targeting a number of high-profile accounts. We have taken measures to stop this attack and prevent it from happening in the future. We’re working directly with affected account owners to restore access, if needed.
The hack appears to be a “zero-day” attack, which means the bad actors discovered the vulnerability in TikTok’s code before the developers did. TikTok had zero days to prevent it.
ANDROID BANKING TROJAN MASQUERADES AS GOOGLE PLAY TO STEAL YOUR DATA
TikTok has a history of getting hacked
This is not TikTok’s first hacking incident. Back in 2023, over 700,000 accounts in Turkey got hacked because TikTok’s two-factor authentication system wasn’t secure enough. This all happened right before an important Presidential election in Turkey, which made things even messier.
In 2022, security experts at Microsoft found a major flaw in the TikTok app. All it took was clicking a bad link, and hackers could hijack your account.
Concerns about TikTok’s data security and its connection to ByteDance, its Chinese parent company, have also captured the attention of lawmakers. The US government fears that China uses the app to spy on Americans or to influence the messages they see. President Joe Biden has even signed a bill forcing ByteDance to either sell off its US TikTok operations or face a ban in the country.
ANDROID USERS AT RISK AS BANKING TROJAN TARGETS MORE APPS
6 ways to protect yourself from TikTok DM danger
To make sure your TikTok account doesn’t get hacked by malicious DMs, follow these steps.
1) Use strong antivirus software to protect against phishing attempts: Stay vigilant when it comes to emails, phone calls, or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request.
The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams.
My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
2) Use strong and unique passwords: Create strong passwords for your accounts and devices, and avoid using the same password for multiple online accounts. Consider using a password manager to securely store and generate complex passwords. It will help you to create unique and difficult-to-crack passwords that a hacker could never guess. Second, it also keeps track of all your passwords in one place and fills passwords in for you when you’re logging into an account so that you never have to remember them yourself. The fewer passwords you remember, the less likely you will be to reuse them for your accounts. Get more details about my best expert-reviewed Password Managers of 2024 here.
3) Enable two-factor authentication: Enable two-factor authentication whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.
4) Keep your TikTok app up to date. Regularly update your TikTok app to avoid getting hacked. While you’re at it, update your antivirus software, web browsers, and other applications to ensure you have the latest security patches and protections.
5) Review and adjust privacy settings: Ensure that your TikTok privacy settings are appropriately configured. Limit who can send you direct messages, comment on your videos, and view your profile. This reduces the risk of unwanted interactions with potential hackers.
6) Monitor account activity: Regularly check your account activity for any unusual behavior or unauthorized access. TikTok provides a log of devices that have accessed your account. If you notice any unfamiliar devices, immediately change your password and log out of all devices. Also, to report suspicious activity on your account, TikTok provides channels to report a problem in their app.
HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET
Kurt’s key takeaways
TikTok needs to strengthen its system to ensure hackers don’t access users’ accounts. While the current incident seems to be affecting celebrities and high-profile accounts, bad actors may also start targeting common users. Given these security concerns, it should come as no surprise that I advise against using TikTok, or at the very least, to use it with extreme caution. Meanwhile, be cautious. If someone messages you asking you to click on something or send them something, don’t just do it. Scammers love pressuring people to act fast, so take a breath and think twice before you click.
Do you think government intervention is necessary to improve the security of social media platforms? Let us know in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.