Malicious code has been taking over accounts on TikTok, including those of celebrities and brands such as CNN, Paris Hilton, and Sony. The malware is being transmitted through direct messages within the TikTok app and does not require any action from users beyond opening a message. The hacked accounts do not appear to be posting any content, and the exact number of affected accounts is currently unknown.
TikTok spokesperson Alex Haurek has stated that the company’s security team is aware of the potential exploit targeting these accounts and has taken measures to stop the attack and prevent it from happening in the future. They are working with affected account owners to restore access as needed. While Haurek mentioned that the number of compromised accounts is very small, he did not provide a specific number or details on how TikTok is protecting other exposed accounts, considering the platform has over a billion global users.
CNN’s TikTok account was specifically targeted by malicious actors, prompting TikTok to collaborate closely with CNN to restore account access and implement enhanced security measures. The company is dedicated to maintaining the integrity of the platform and will continue to monitor for any further inauthentic activity. Paris Hilton, CNN, and Sony have not responded to requests for comment at this time.
TikTok has experienced multiple hacking incidents over the years, including a case in 2023 where up to 700,000 accounts in Turkey were compromised due to the company’s use of insecure SMS channels for two-factor authentication. In 2022, researchers at Microsoft discovered a vulnerability in the TikTok app that allowed hackers to overtake accounts with a single click. The constant security breaches have raised concerns about the Chinese government potentially using the app for spying or influencing content.
Concerns about TikTok’s security and privacy practices have led lawmakers to consider the Chinese parent company, ByteDance, as a potential threat to national security. This has resulted in a law that requires ByteDance to divest from TikTok or face a ban in the United States. TikTok and ByteDance have challenged the bill in court, and the ongoing security issues with the app have only added fuel to the fire. The situation is still developing as more information about the recent hacking incident on TikTok continues to unfold.