TikTok warns of exploit aimed at 'high-profile accounts'
The social media giant TikTok is working with the owners of high-profile accounts to address an account takeover campaign targeting prominent users of the platform.
On Tuesday, Forbes reported that sources inside of TikTok believe a strain of malware is being spread by unidentified threat actors through the platform’s direct message feature. The malware allows hackers to take over an account without victims having to click on any link or download anything.
"Our security team is aware of a potential exploit targeting a number of high-profile accounts. We have taken measures to stop this attack and prevent it from happening in the future,” a TikTok spokesperson told Recorded Future News in a statement.
“We're working directly with affected account owners to restore access, if needed."
While the current number of victims is unknown, Forbes and Semafor have confirmed that CNN’s TikTok account was taken over. The hackers also targeted the account of Paris Hilton and a Sony brand account, according to the site.
A TikTok spokesperson declined to answer questions about what kind of malware was being used, how many accounts have been compromised or who the attackers might be.
Hackers have previously used the social media platform as a way to spread malware, with several campaigns being identified in recent years. In 2022, hackers used a popular TikTok challenge to get people to download information-stealing malware.
Forbes noted that Microsoft previously discovered a vulnerability in the TikTok app on Android devices that allowed hackers to take over accounts after victims clicked a malicious link sent through direct messages.
TikTok changed its head of global security in 2022 to Kim Albarella, who is still serving in the role.
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.