Hackers have planted malicious code on popular TikTok accounts. Hotel heiress Paris Hilton According to reports, it was also featured on CNN’s official website.
The malware spreads through TikTok’s direct messaging feature. Forbes reported on Tuesday.
The hack is a so-called “zero-day” attack, meaning that the hackers know about the vulnerability before the software developers do, allowing the developers to block the attack on a “zero day.” Certain attacks exploit vulnerabilities that may take days or weeks for developers to discover.
CNN was forced to disable its TikTok account for several days after a hacker intrusion last week. Semaphore reported earlier on Tuesday.
A spokesperson for the Warner Bros. Discovery-owned news channel told Semaphore that the company is “working with TikTok on the backend to implement additional cybersecurity measures” to ensure safety ahead of this fall’s presidential election.
Semaphore reported that several CNN staffers said the news network was neglecting its cybersecurity practices.
A CNN staffer told Semaphore that dozens of colleagues had access to the TikTok account.
However, a second network source told the site that the intrusion did not appear to be the result of someone accessing it from CNN’s side.
The Washington Post has reached out to TikTok, CNN and Hilton for comment.
Last summer, TikTok acknowledged that up to 700,000 accounts in Turkey had been compromised because the company was using an insecure two-factor authentication method.
In 2022, Microsoft researchers announced they had discovered a vulnerability in TikTok that could allow hackers to take over accounts with just one click.
US lawmakers have raised doubts about TikTok, a popular social media app owned by Chinese tech company ByteDance.
President Biden signed a bill requiring ByteDance to sell TikTok’s U.S. operations, citing concerns that Americans’ personal data could fall into the hands of the Chinese government.
ByteDance faces a ban in the United States if it does not sell TikTok by January. The company is suing in court for violating the law and denies claims that user data has been compromised.
