TikTok Acknowledges Zero-Click Exploit Targeting Brand and Celebrity Accounts

By Lore Apostol / June 5, 2024

Popular short-video app TikTok announced on Tuesday that it is taking measures to stop a cyberattack targeting several high-profile brand and celebrity accounts on the platform and prevent it from happening again. TikTok, owned by ByteDance, said that the number of successful account hijacks is "very small." 

CNN, Sony, and Paris Hilton are among the targeted brands and companies, and while some of the targeted accounts were not compromised, CNN’s account was not so lucky. The hackers’ goals were not immediately clear, as none of the affected accounts had begun to post content.

The parent company refrained from disclosing details on the vulnerability or the mitigation techniques used. However, Semafor and Forbes have reported a zero-click account takeover campaign that distributes malware via direct messages to compromise brand and celebrity accounts without having to interact with it. CNN’s account was broken into by a hacker last week and remained down for several days, according to Semafor.

Previous incidents for TikTok include flaws letting attackers bypass privacy protections and steal private user details and Microsoft’s August 2022 report of a vulnerability in TikTok’s Android app permitting account takeovers with a single tap.

The attacks arrive as the US presidential elections prepare to get underway, with many candidates using the social media service as a battleground aimed at young voters. Besides, the bill signed by President Biden in April citing national security concerns will ban Chinese company ByteDance from operating in the U.S. unless it sells the app. As a response, TikTok sued the U.S. government.

Earlier this month, Donald Trump joined TikTok to campaign despite attempting to ban it on national security grounds during his presidency.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: