TikTok, the widely used video-sharing platform, has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform.
The incident was first reported by Semafor and Forbes, which described a zero-click account takeover campaign in which malware delivered through direct messages compromises brand and celebrity accounts without the recipient having to click on or interact with it.
It is currently unclear how many users have been affected, though a TikTok spokesperson said the company has taken preventive measures to stop the attack and prevent it from happening in the future.
The company further said that it is working directly with impacted account holders to restore access and that the attack only managed to compromise a “very small” number of users. It did not provide any specifics about the nature of the attack or the mitigation steps it had employed.
This is not the first time security issues have been uncovered in the widely used service. In January 2021, Check Point detailed a flaw in TikTok that could have potentially allowed an attacker to build a database of the app’s users and their associated phone numbers for future malicious activity.
Then in September 2022, Microsoft uncovered a one-click exploit affecting TikTok’s Android app that could let attackers take over accounts when victims clicked on a specially crafted link.
That is not all. As many as 700,000 TikTok accounts in Turkey were found to have been compromised last year, after reports emerged that the grey routing of SMS messages through insecure channels enabled adversaries to intercept one-time passwords, gain access to TikTok users’ accounts, and inflate likes and followers.
Bad actors have also capitalized on TikTok’s Invisible Challenge to deliver information-stealing malware, highlighting continued efforts on the part of attackers to spread malware through unconventional means.
TikTok’s Chinese roots have led to concerns that the app could be used as a conduit to gather sensitive information on American users and push propaganda, ultimately resulting in the passage of a law that would ban the video app in the country unless it is divested from ByteDance.
Last month, the social media giant filed a lawsuit in the U.S. challenging the act, stating it is an “extraordinary intrusion on free speech rights” and that the U.S. had put forth only “speculative concerns” to justify the ban.
Other countries like India, Nepal, Senegal, Somalia, and Kyrgyzstan have imposed similar bans on TikTok, with several other nations, including the U.S., the U.K., Canada, Australia, and New Zealand, barring the use of the app on government devices.