Malicious code is invading TikTok accounts, affecting celebrities and brands, including CNN’s official account. Other accounts hacked include Paris Hilton and the Sony brand.
The malware is sent via direct messages (DMs) on TikTok and requires no action from users other than opening the message itself. So far, the compromised accounts have not posted content, and it’s unclear how many have been affected, CNN itself revealed.
“Our security team is aware of a potential exploit targeting multiple brand and celebrity accounts. We have taken steps to stop this attack and prevent it from happening in the future. We are working directly with the affected account owners to restore access if necessary,” TikTok spokesperson Alex Haurek said.
Horek added that the number of hacked accounts was “very small” but declined to provide a specific number or details on additional security measures.
They also added that they are working closely with CNN to restore access to the account and implement enhanced security measures.
TikTok has been hacked several times in recent years. In the summer of 2023, around 700,000 accounts in Turkey were compromised due to the use of insecure SMS channels for two-factor authentication. In 2022, Microsoft researchers discovered another vulnerability that allowed accounts to be hacked with a single click on malicious links.