TikTok Targeted by Malicious DMs, High-Profile Accounts Compromised
In a recent security breach, TikTok has come under fire after multiple high-profile accounts, including those of CNN and Paris Hilton, were compromised. This incident adds to a growing list of security concerns surrounding the popular social media platform.
Security experts warn that the attack leverages malicious code embedded within Direct Messages (DMs) and bypasses the need for users to click on any links or attachments. This raises serious concerns about the platform’s security measures, particularly when it comes to protecting user data and high-profile accounts.
“When it rains, it hails for TikTok!” commented Pete Nicoletti, Global Field CISO at Check Point Software Technologies. He highlights the string of security incidents TikTok has faced in recent years, including a lawsuit from the US government. This latest breach underscores the critical need for users to take immediate action to secure their accounts.
The Attack and How to Protect Yourself
According to reports, the malicious code is transmitted through DMs and executes as soon as the message is opened, without the recipient clicking any link or attachment. This exploit highlights the importance of enabling stronger security measures on your account.
“Stop what you are doing and set up two-factor authentication before you open any direct messages,” emphasises Nicoletti. Two-Factor Authentication (2FA) adds an extra layer of security by requiring a second verification step, typically a code sent to your phone, during the login process. This significantly reduces the risk of unauthorised access, even if your password is compromised.
Here are some additional security tips from Nicoletti to safeguard your TikTok account and other online profiles:
- Enable “Login with Verification Feature”: This feature requires a One-Time Password (OTP) sent to your phone number whenever someone attempts to log in to your account.
- Use Strong Passwords: Avoid using weak or easily guessable passwords. Consider using a password manager to generate and store strong, unique passwords for all your online accounts.
- Report Suspicious Activity: If you notice any unusual activity on your account, such as unexpected login attempts or changes to your profile information, report it immediately to TikTok support.
Echoes of the Past
This attack bears a resemblance to the infamous “Samy worm” incident that plagued MySpace in 2005. Ray Kelly, a Fellow at Synopsys Software Integrity Group, points out the similarities between the two events.
“This incident is reminiscent of the notorious ‘Samy worm’ that targeted MySpace in 2005,” Kelly explains. The Samy worm exploited vulnerabilities in MySpace’s input validation process, allowing malicious code to be injected through status updates. While the MySpace incident was a prank, the TikTok breach appears to be more malicious, targeting high-profile accounts for potential disruption.
Malicious Code vs Malware
Kelly clarifies the terminology for the code involved in the attack. “‘Malware’ might not be the right term, but malicious code or script.” He explains that the Samy worm used JavaScript code to exploit vulnerabilities, and the TikTok attack might utilise a similar approach.
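To make the Samy-worm comparison concrete from the defender's side, here is an added example (not code from the article, TikTok or MySpace) of the class of flaw Kelly describes: a message renderer that places user text straight into markup beside a hardened version that encodes it, plus a detection heuristic a moderation pipeline could run over message bodies. The function names and the sample messages are assumptions constructed for illustration.

```javascript
// Encode the five characters that let user text break out of an HTML text
// node or attribute value. Everything else is passed through unchanged.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern (the input-validation failure the Samy worm abused):
// interpolating the raw body into markup means any script element or
// inline event handler in the message runs when the DM is displayed.
function renderDmUnsafe(sender, body) {
  return `<div class="dm"><b>${sender}</b>: ${body}</div>`;
}

// Hardened pattern: every user-controlled field is encoded before it is
// placed in markup, so the body is shown as text and never parsed as HTML.
function renderDmSafe(sender, body) {
  return `<div class="dm"><b>${escapeHtml(sender)}</b>: ${escapeHtml(body)}</div>`;
}

// Server-side detection for a moderation or logging pipeline: flag bodies
// that carry markup able to execute on open. This is a heuristic for
// triage, not a substitute for output encoding at render time.
const ACTIVE_CONTENT = [
  /<\s*script\b/i,                     // inline script element
  /\bon[a-z]+\s*=/i,                   // inline event handler attribute (onerror=, onload=, ...)
  /javascript\s*:/i,                   // script URL scheme
  /<\s*(iframe|object|embed|svg)\b/i,  // elements that can carry executable content
];
function flagSuspiciousDm(body) {
  return ACTIVE_CONTENT.some((re) => re.test(body));
}

// Constructed sample messages (not captured traffic from the incident).
const BENIGN_DM = "hey, loved your last video <3";
const INJECTED_DM = '<img src=x onerror="alert(1)">';

// Usage: the unsafe renderer keeps the handler live, the safe one neutralises it,
// and the detector flags only the injected body.
console.log(renderDmUnsafe("fan", INJECTED_DM));
console.log(renderDmSafe("fan", INJECTED_DM));
console.log(flagSuspiciousDm(BENIGN_DM), flagSuspiciousDm(INJECTED_DM));
```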
The Road Ahead
The recent security breach highlights the ongoing need for robust security measures on social media platforms. Users are urged to remain vigilant and implement strong security practices to protect their accounts. It’s also crucial for TikTok to address the vulnerabilities exploited in this attack and prioritise user privacy and security. By working together, users and platforms can create a safer online environment for everyone.