{"id":24624,"date":"2024-06-05T03:10:18","date_gmt":"2024-06-05T11:10:18","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/06\/05\/news-18354\/"},"modified":"2024-06-05T03:10:18","modified_gmt":"2024-06-05T11:10:18","slug":"news-18354","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/06\/05\/news-18354\/","title":{"rendered":"Big name TikTok accounts hijacked after opening DM"},"content":{"rendered":"\n<p>High-profile TikTok accounts, including CNN, Sony, and\u2014er\u2014Paris Hilton, have been targeted in a recent attack.<\/p>\n<p>CNN was the first account takeover that made the news, with <a href=\"https:\/\/www.semafor.com\/newsletter\/06\/02\/2024\/an-expensive-way-to-gain-relevance\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Semafor reporting<\/a> that the account was down for several days after the incident.<\/p>\n<p>According to <a href=\"https:\/\/www.forbes.com\/sites\/emilybaker-white\/2024\/06\/04\/a-zero-day-tiktok-hack-is-taking-over-celebrity-and-brand-accounts\/?sh=334144b6060a\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Forbes,<\/a> the attack happens without the account owner needing to click on or open anything\u2014known as a zero-click attack. All they need to do is open a DM. The account is then taken over and the user loses access.<\/p>\n<p>Malwarebytes\u2019 Pieter Arntz explained how this sort of attack could happen:<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cIf they don\u2019t need to click on anything, this could well be a vulnerability in the way content is loaded when opening the DM. We\u2019ve seen similar vulnerabilities before in Chromium browser, for example when fabricated images are loaded.\u201d<\/p>\n<\/blockquote>\n<p>TikTok says it has now fixed the issue and is working to get the accounts back to their rightful owners. 
Spokesperson Alex Haurek told Forbes:<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cOur security team is aware of a potential exploit targeting a number of brand and celebrity accounts. We have taken measures to stop this attack and prevent it from happening in the future.\u201d<\/p>\n<\/blockquote>\n<p>Haurek didn\u2019t say whether the attackers were still targeting accounts.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-securing-your-tiktok-account\">Securing your TikTok account<\/h2>\n<p>This attack is eye-catching because it&#8217;s technically unusual, and was used against people who naturally attract headlines. However, it&#8217;s a flash in the pan and the vulnerability was quickly patched.<\/p>\n<p>Meanwhile, there&#8217;s a thriving underground market in social logins fuelled with much more successful, but much more mundane forms of attack. To reduce your risk of those, make sure you do these things:<\/p>\n<ul>\n<li><strong>Use a strong password<\/strong> to secure your account, and make sure you&#8217;ve not used it elsewhere. You can use a password manager to remember your passwords.<\/li>\n<li><strong>Enable two-step verification <\/strong>on your account. <a href=\"https:\/\/support.tiktok.com\/en\/account-and-privacy\/personalized-ads-and-data\/how-your-phone-number-is-used-on-tiktok\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">TikTok tells you how to do that here<\/a>.<\/li>\n<li><strong>Check what devices are logged into your account. <\/strong><a href=\"https:\/\/www.tiktok.com\/safety\/youth-portal\/keep-your-account-secure?lang=en\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">TikTok Device Management<\/a> allows you to view what devices are logged into your account, remove them if needed, and get notified if there is suspicious activity on your account.<\/li>\n<li><strong>Be careful what you click on<\/strong>. 
If you receive a link from someone and you don&#8217;t know what it is, don&#8217;t click on it. Check what the link is via a different communication channel. In this case, it appears that someone only had to open a DM in order to get their account taken over, so watch out for DMs you&#8217;re not expecting.<\/li>\n<li><strong>Don&#8217;t feel pressure<\/strong>. If someone is messaging you asking you to click on or send them something, think before you do it. Putting pressure on someone to perform an action quickly is a common tactic used by scammers. <strong>Trust your instincts<\/strong>.<\/li>\n<\/ul>\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\" \/>\n<p><strong>We don&#8217;t just report on threats &#8211; we help safeguard your entire digital identity<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. Protect your\u2014and your family&#8217;s\u2014personal information by using <a href=\"https:\/\/www.malwarebytes.com\/identity-theft-protection\">identity protection<\/a>.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/06\/big-name-tiktok-accounts-hijacked-after-opening-dm\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> High-profile TikTok accounts have been targeted in a recent attack. 
<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[8200,32,31502,26699,14224,21168,31503],"class_list":["post-24624","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-cnn","tag-news","tag-paris-hilton","tag-personal","tag-sony","tag-tiktok","tag-tiktok-attack"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24624","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24624"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24624\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24624"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24624"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24624"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}