⚠️ A TikTok Cyberattack is Underway

Hackers are gaining access to large accounts through direct messages. Here's how you can lock your account down.

TikTok Hack Doesn’t Even Require Users to Click

TikTok today confirmed it’s working to shut down an ongoing cyberattack that has so far targeted the accounts of large brands and creators.

It’s not clear if these attacks are linked, but accounts like CNN, Sony, and Paris Hilton have been affected. CNN’s account was offline for days after becoming a target.

No clicks required

The attempted breaches involve malware sent as a Direct Message and can affect account owners’ ability to access their own TikTok profiles. What’s particularly frightening here is that this hack doesn’t require the user to download, click, or do anything other than open the DM.

That’s different from the vulnerability Microsoft researchers found a few years back, which let hackers take over accounts after someone clicked a malicious link in a DM.

It’s not clear what the hackers’ end-goal is, as none of the breached accounts have been used to post content.

“We have taken measures to stop this attack and prevent it from happening in the future. We're working directly with affected account owners to restore access, if needed.”

Jason Grosse, spokesperson, TikTok privacy and security team

It’s bad timing

It’s never a good time for a zero-day hack, but this seems to be a particularly bad time, especially given the American election coming this fall, and the potential ban of the app looming in the U.S.

How to secure your account

As for securing your own brand’s accounts, there are a few steps you can take.

  1. Review who has access to your accounts through the TikTok business manager. Then set a recurring task in your task manager to do this at least monthly.

  2. It also might be worth looking at your own personal account and reviewing which apps you’ve authorized. Most marketing tools that connect to TikTok are fine, of course, but if you’re an early adopter and tend to try new things out a lot, you may want to delete connections to apps you’re not using.

  3. Everyone who uses your brand’s or client’s TikTok account should have two-factor authentication turned on and login alerts enabled.

If your account does get hacked, TikTok has a web page with help on getting it back. You can also report DMs that seem sus.
