There’s a new exploit making its way through TikTok and it has already compromised the official accounts of Paris Hilton, CNN and others, as reported by Forbes. It’s spread via direct message and doesn’t require a download, click or any form of response, beyond opening the chat. It’s currently unclear how many accounts have been affected.
Even weirder? The hacked accounts aren’t really doing anything. A source within TikTok told Forbes that these impacted accounts “do not appear to be posting content.” TikTok issued a statement to The Verge, saying that it is “aware of a potential exploit targeting a number of brand and celebrity accounts.” The social media giant is “working directly with affected account owners to restore access.”
Semafor recently reported that CNN’s TikTok had been hacked, which forced the network to disable the account. It’s unclear if this is the very same hack that has gone on to infect other big-time accounts. The news organization said that it was “working with TikTok on the backend on additional security measures.”
CNN staffers told Semafor that the news entity had “grown lax” regarding digital safety practices, with one employee noting that dozens of colleagues had access to the official TikTok account. However, another network source suggested that the breach wasn’t the result of someone gaining access from CNN’s end. That’s about all we know for now. We’ll update this post when more news comes in.
Of course, this isn’t the first big TikTok hack. Back in 2023, the company acknowledged that around 700,000 accounts in Turkey had been compromised due to insecure SMS channels involved with its two-factor authentication. Researchers at Microsoft discovered a vulnerability in 2022 that allowed hackers to take over accounts with just a single click. Later that same year, a security breach allegedly impacted more than a billion users.
This article originally appeared on Engadget at https://www.engadget.com/malicious-code-has-allegedly-compromised-tiktok-accounts-belonging-to-cnn-and-paris-hilton-174000353.html?src=rss