
Sony, CNN and other TikTok accounts hijacked by malicious code


Malicious code transmitted through direct messages (DMs) on TikTok has compromised several high-profile accounts, including those of celebrities and major brands. Among the victims are the official TikTok accounts of CNN, Paris Hilton, and a Sony brand.

The method of attack is particularly concerning because it requires minimal user interaction: simply opening a malicious message within the app can result in an account takeover, Forbes reports, citing an internal TikTok source.

This stealthy approach has left many users unaware of the breach until they lose access to their accounts. Despite the severity of the situation, the hacked accounts have not been observed posting unauthorised content, leaving the full scope of the compromise unclear.

The attack began with the hijacking of CNN’s TikTok account last week, as reported by Semafor.

“Our security team is aware of a potential exploit targeting a number of brand and celebrity accounts. We have taken measures to stop this attack and prevent it from happening in the future. We’re working directly with affected account owners to restore access if needed,” said Alex Haurek, TikTok spokesperson.

Haurek reassured the public that the number of compromised accounts is “very small,” but declined to provide specific figures or detailed information on the protective measures being implemented.

According to TikTok, the current breach affects only a small number of accounts.

Regarding CNN’s compromised account, Haurek added, “Our security team was recently alerted to malicious actors targeting CNN’s TikTok account. We have been collaborating closely with CNN to restore account access and implement enhanced security measures to safeguard their account moving forward.”

This incident is not an isolated one for TikTok. The platform has experienced several significant security breaches over the past few years. In the summer of 2023, up to 700,000 accounts in Turkey were compromised due to insecure SMS channels used for two-factor authentication. This breach occurred against the backdrop of Turkey’s highly contested presidential elections, raising concerns about the potential misuse of compromised accounts.

In 2022, researchers at Microsoft identified another vulnerability that allowed hackers to hijack TikTok accounts with a single click. This exploit involved users clicking on malicious links, demonstrating the persistent threat of phishing attacks on the platform.

The latest breach adds fuel to ongoing concerns about TikTok’s security and privacy practices. US lawmakers have reportedly voiced concerns that the Chinese government could leverage TikTok’s Chinese parent company, ByteDance, to conduct espionage or influence public opinion in the United States. These concerns led them to enact a law requiring ByteDance to divest from TikTok or face a ban in the US. TikTok and ByteDance are currently challenging this legislation in court.


Kumar Hemant


Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
