CNN, Paris Hilton, and Sony TikTok accounts breached through DMs

Security breach hits CNN, Paris Hilton, and Sony’s TikTok profiles


Pierluigi Paganini
June 05, 2024

Cybercriminals exploited a flaw in the widely used video-sharing platform TikTok to take control of accounts belonging to well-known personalities.

By exploiting a newly discovered flaw in TikTok, cybercriminals managed to take over prominent accounts. The vulnerability was found in the platform's direct messaging function, as reported by Forbes.

The malware spread through direct messages in the app and required only that the user open a message. The impacted accounts did not make any posts, and the scale of the breach remains uncertain. TikTok representative Alex Haurek said that the company's security team is aware of the exploit and has deployed countermeasures to halt the breach and prevent future occurrences. The firm is working with affected account holders to restore access.

The affected accounts include CNN, Paris Hilton, and Sony, though the exact number of breached accounts is undetermined.

The company did not release technical details about the vulnerability exploited by the attackers.

“Our security team has identified a potential exploit aimed at various brand and celebrity accounts. We have taken actions to thwart this breach and avert any future threats. We are in direct contact with impacted account owners to assist in regaining access, if required,” TikTok spokesperson Alex Haurek told Forbes.

Haurek emphasized that the compromises affected only a small number of accounts.

Semafor first reported the intrusion into CNN’s TikTok account, which led the broadcaster to deactivate its account temporarily.

The TikTok spokesperson added that the company's security team was recently alerted to malicious actors targeting CNN’s account.

TikTok said it is committed to preserving the platform’s integrity and will continue to monitor for fraudulent activity.

In August 2022, researchers at Microsoft discovered a high-severity flaw (CVE-2022-28799) in the TikTok Android application that could have allowed attackers to take control of users’ accounts with a single click. The researchers noted that hijacking an account would require exploiting additional flaws alongside the vulnerability. Microsoft reported the issue to TikTok in February 2022, and the company quickly fixed it. Microsoft said it was not aware of any attacks exploiting the bug in the wild.


(SecurityAffairs – hacking, zero-day)


