{"id":27534,"date":"2024-06-05T22:14:39","date_gmt":"2024-06-05T16:44:39","guid":{"rendered":"https:\/\/www.kaspersky.co.in\/blog\/?p=27534"},"modified":"2024-06-05T22:14:39","modified_gmt":"2024-06-05T16:44:39","slug":"tik-tok-vulnerability-zero-click","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.in\/blog\/tik-tok-vulnerability-zero-click\/27534\/","title":{"rendered":"Knock-knock, let&#8217;s hack TikTok"},"content":{"rendered":"<p>Do you use TikTok? Do your kids?<\/p>\n<p>You can put your hands down, I know that the question was more rhetorical than anything. If you\u2019ve any interest in the network, you\u2019ve probably seen the news sweeping the interwebs over the past week \u2013 news that\u2019s come to a head in the last 24-48 hours as of this writing.<\/p>\n<p>The popular social network TikTok has acknowledged a security issue that\u2019s allowed attackers to take control of its accounts.<\/p>\n<h2>How was TikTok hacked?<\/h2>\n<p>The issue stems from a zero-click exploit that\u2019s been used by illicit groups who\u2019ve been taking over high-profile accounts (and possibly smaller accounts) via the platform\u2019s direct message function. To date, accounts that have been targeted or compromised include those of CNN, Paris Hilton and Sony.<\/p>\n<p>What makes this case all the more tricky is that users don\u2019t need to click a malicious link, but rather just open the direct message in TikTok for the malware to trigger. According to a statement to the media, TikTok\u2019s spokesperson noted that they were taking this vulnerability seriously and have worked to halt the attack.<\/p>\n<p>\u201cWe have taken measures to stop this attack and prevent it from happening in the future. 
We\u2019re working directly with affected account owners to restore access, if needed.\u201d<\/p>\n<p><em>This is an evolving story, and we will update this post as more information comes to light and can add additional context.<\/em><\/p>\n<h2>What can you do?<\/h2>\n<p>As mentioned in our <a href=\"https:\/\/www.kaspersky.com\/blog\/what-is-zero-click-exploit\/49637\/\" target=\"_blank\" rel=\"noopener nofollow\">post<\/a> dedicated to them, zero-click exploits are very difficult to stop and decipher. With that said, there are some things you can do to try to reduce some of the risk \u2013 especially on social profiles.<\/p>\n<p><strong>Use strong and unique passwords.<\/strong> As with any site, the weakest link is often the entry point to the platform \u2013 the password. This should be unique and not one that you re-use on multiple platforms. If you struggle to come up with a unique password, consider using <a href=\"https:\/\/www.kaspersky.co.in\/password-manager?icid=in_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener\">a password manager<\/a> to generate a unique and strong password.<\/p>\n<p><strong>Use two-factor authentication<\/strong>. Most platforms allow for some form of two-factor authentication to secure users. While many people default to using SMS or email as the source of the second verification, I\u2019d recommend using an <a href=\"https:\/\/www.kaspersky.com\/blog\/kaspersky-password-manager-authenticator\/48841\/\" target=\"_blank\" rel=\"noopener nofollow\">authenticator application<\/a>.<\/p>\n<p><strong>If you don\u2019t know, don\u2019t click.<\/strong> OK, time to put on the Momma Jeff hat for a minute. You shouldn\u2019t talk to strangers. Just like the creepy white van with free candy stenciled on the side that your parents warned you about, there are creepy people sliding into your direct messages. 
If you don\u2019t know the person messaging you, there\u2019s no reason for you to assume that you should click on any link sent from these accounts and expect anything but a scam. Similarly, if you don\u2019t know the person, why even bother opening the message? As you can see with this TikTok vulnerability, curiosity can still kill the cat \u2013 even in this digital age we live in. While it may be a goal to chase the influencer wagon and make fast cash, if something sounds too good to be true, it probably is.<\/p>\n<p><strong>Educate your kids.<\/strong> If you have kids, or are an uncle\/aunt\/grandma\/pawpaw, please consider talking to them about basic safety on social networks. As the adults in the room, we have to be the folks who <a href=\"https:\/\/www.kaspersky.com\/blog\/cybersecurity-alphabet\/\" target=\"_blank\" rel=\"noopener nofollow\">teach the next generation about security<\/a>. This post is short, but I hope it serves as a good example of how a tiny mistake (a quick peek) can see someone lose control over their accounts.<\/p>\n<p>Read our detailed guide to <a href=\"https:\/\/www.kaspersky.com\/blog\/tiktok-privacy-security\/32333\/\" target=\"_blank\" rel=\"noopener nofollow\">setting up security and privacy on TikTok<\/a>. 
Also, use our free <a href=\"https:\/\/privacy.kaspersky.com\/\" target=\"_blank\" rel=\"noopener\">Privacy Checker<\/a> service to configure both the privacy and security of other social networks, online services and applications.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"premium-family\">\n","protected":false},"excerpt":{"rendered":"<p>A recent zero-click vulnerability in TikTok has led to high-profile accounts being taken over.<\/p>\n","protected":false},"author":636,"featured_media":27535,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2196],"tags":[1589,2729],"class_list":{"0":"post-27534","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-social-network","9":"tag-tiktok"},"hreflang":[{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/tik-tok-vulnerability-zero-click\/27534\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/tik-tok-vulnerability-zero-click\/22853\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/tik-tok-vulnerability-zero-click\/30205\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/tik-tok-vulnerability-zero-click\/27685\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/tik-tok-vulnerability-zero-click\/37606\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/tik-tok-vulnerability-zero-click\/51414\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/tik-tok-vulnerability-zero-click\/27854\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/tik-tok-vulnerability-zero-click\/33679\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/tik-tok-vulnerability-zero-click\/33343\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.in\/blog\/tag\/tiktok\/","name":"TikTok"},"_links":{"self":[{"hr
ef":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/27534","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/users\/636"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/comments?post=27534"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/27534\/revisions"}],"predecessor-version":[{"id":27537,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/27534\/revisions\/27537"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media\/27535"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media?parent=27534"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/categories?post=27534"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/tags?post=27534"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}