TikTok says it fixed a vulnerability that enabled a cyberattack on high-profile accounts

The cyberattack involved direct messages laced with malicious code.


TikTok says it has fixed a vulnerability that allowed for a cyberattack that targeted high-profile accounts, as reported by Axios. A TikTok spokesperson added that the company is currently working to restore access to impacted users.

The social media giant hasn’t announced how many accounts were hit by the attack, but we do know that CNN and Paris Hilton were targets. The hack involved sending messages to users that were filled with malicious code. When the user opened up the message, the code went to work and took over the entire account. Oddly, the impacted accounts didn’t post anything while they were compromised.

It remains unclear who was behind the attack and what their ultimate goal was, aside from taking over celebrity TikTok accounts. TikTok also remains mum as to the specifics regarding the vulnerability that allowed for the attack in the first place. This type of hack is extremely rare, however, so it shouldn’t be a big concern for average users.

The hack is known as a zero-click attack, meaning that you don’t have to click on anything to get infected. In this case, users just had to open up a direct message. The method used here is similar to zero-click spyware attacks, though those hackers target high-profile government officials and journalists for the purpose of secretly gathering information. This attack took over the whole account for unknown purposes.

This isn’t the first big TikTok hack. Last year, over 700,000 accounts in Turkey were compromised due to insecure SMS channels. Researchers at Microsoft discovered a flaw back in 2022 that let hackers take over accounts with just a single click. Later that same year, an alleged security breach impacted more than a billion users. That’s a whole lot of people.