TikTok has swiftly addressed a significant vulnerability that led to a rare form of cyberattack this week. The exploit involved hackers sending malware-infused private messages to targeted users.
Upon opening these infected messages, the recipients’ accounts were immediately compromised. Among the high-profile targets, CNN’s TikTok account was successfully taken over, and there was an attempt to hijack Paris Hilton’s account, as reported by Axios.
A TikTok spokesperson confirmed to Axios that the platform is actively collaborating with the affected account holders to help them regain control over their profiles. The attacks are suspected to be zero-click spyware assaults, a sophisticated tactic typically employed against government officials, journalists, and political activists. Unlike traditional objectives of such attacks, which aim to steal sensitive data from the device, the primary goal here was to seize control of the TikTok accounts themselves.
Though only two accounts have been publicly identified as victims so far, TikTok acknowledges the potential for additional accounts to be targeted. The company has not yet disclosed the specific vulnerability that the hackers exploited but assures that measures are being taken to prevent similar breaches in the future. For now, it appears that the average TikTok user is not at risk from this particular attack.