TikTok is in trouble, and hackers are trying to make it even worse: Malicious code has taken over TikTok accounts, compromising the official accounts of celebrities and brands like Paris Hilton and CNN.
The hackers behind the attack sent the malware via direct messages (DMs) on the platform.
Users didn’t need to click a link or download a file to be hacked: simply opening the message infected their device.
People on TikTok (Kurt “Cyberguy” Knutson)
What you need to know about TikTok DM abuse
Hackers appear to be targeting high-profile TikTok accounts, having previously targeted accounts from CNN, Sony, and Paris Hilton. CNN was the first account to be hacked, and was reportedly down for several days after the incident.
The attack reportedly occurs without the account owner having to click or open anything; this is known as a zero-click attack. Simply opening a DM can take over an account and lock out the legitimate owner. The vulnerability could be in how content is handled when a DM is opened. Similar weaknesses have been identified before, such as a vulnerability in the Chromium browser triggered by fake images.
We reached out to TikTok, and a spokesperson told CyberGuy: “Our security team is aware of a potential attack targeting a number of high-profile accounts. We prevented this attack and have taken steps to prevent such attacks from occurring in the future. We will work directly with affected account holders to restore access, where necessary.”
The hack appears to be a “zero-day” attack, meaning that bad actors discovered a vulnerability in TikTok’s code before the developers did, leaving the developers with zero days to defend against it.

TikTok logo on a smartphone (Kurt “Cyberguy” Knutson)
TikTok has been hacked before
This is not the first hacking incident for TikTok: in 2023, over 700,000 accounts were hacked in Turkey due to TikTok’s insufficiently secure two-factor authentication system. All this happened right before Turkey’s crucial presidential elections, making things even more confusing.
In 2022, Microsoft security experts discovered a major flaw in the TikTok app that could allow hackers to take over your account if you simply clicked on a malicious link.
Concerns about TikTok’s data security and its ties to its Chinese parent company, ByteDance, have also drawn the attention of lawmakers. The U.S. government is concerned that China could use the app to spy on Americans or influence the messages they see. President Biden signed a bill that forces ByteDance to sell its TikTok business in the U.S. or face a U.S. ban.

TikTok account on a laptop (Kurt “Cyberguy” Knutson)
6 ways to protect yourself from the dangers of TikTok DMs
To prevent your TikTok account from being hacked by malicious DMs, follow these steps.
1. Use strong antivirus software to protect against phishing attacks. Be wary of emails, phone calls, or messages from unknown sources asking for personal information. Do not click on suspicious links or provide sensitive information unless you can verify the legitimacy of the request.
The best way to protect yourself from clicking on malicious links that install malware, which could then access your personal information, is to install antivirus protection on all your devices. It will also warn you about phishing emails and ransomware scams. Get my picks for the winners of the best antivirus protection of 2024 for Windows, Mac, Android and iOS devices.
2. Use strong, unique passwords: Create strong passwords for your accounts and devices, and be careful not to use the same password for multiple online accounts. Consider using a password manager to securely store and generate complex passwords. It helps you create unique, hard-to-crack passwords that hackers can’t guess. It also tracks all your passwords in one place and enters them when you log into your accounts so you don’t have to remember them yourself. The fewer passwords you have to remember, the less likely you are to reuse them on your accounts. Check out the best password managers for 2024, reviewed by experts, here.
3. Enable two-factor authentication: Enable two-factor authentication whenever possible. It requires a second form of verification, such as a code sent to your mobile phone, in addition to your password, providing an extra layer of security.
4. Keep your TikTok app up to date: To avoid being hacked, regularly update your TikTok app, as well as your antivirus software, web browser, and other applications to ensure you have the latest security patches and protection.
5. Review and adjust your privacy settings. Make sure your TikTok privacy settings are set appropriately. Limit who can send you direct messages, comment on your videos, and view your profile. This will reduce the risk of unwanted interactions with potential hackers.
6. Monitor your account activity: Regularly check your account activity for unusual behavior or unauthorized access. TikTok provides a log of devices that have accessed your account. If you notice an unfamiliar device, change your password immediately and log out of all devices. TikTok also provides a channel for you to report any suspicious activity on your account through “Report a problem” in the app.
Kurt’s key takeaways
TikTok needs to tighten its systems to prevent hackers from gaining access to users’ accounts. While recent incidents seem to affect celebrities and high-profile accounts, it’s possible that bad actors will start targeting regular users. Given these security concerns, it makes sense to recommend refraining from using TikTok, or at least using it with extreme caution. In the meantime, be careful: if someone sends you a message asking you to click or send something, don’t just do it. Scammers love to pressure people to act quickly. So take a breath and think twice before clicking.
Copyright 2024 CyberGuy.com. All Rights Reserved.