Platforms Scramble to Secure Accounts After Zero-Day Social Media Hack
High-profile social media accounts have been targeted by a newly discovered zero-day vulnerability, forcing platforms like TikTok, Sony, and CNN to take compromised accounts offline.
The vulnerability allows attackers to hijack user accounts simply by having targets open a malicious direct message (DM) – no downloads or link clicks are required. This has led to a wave of account takeovers across major social media services.
CNN was the first to report an account compromise, which cybersecurity firm Semaphor disclosed on Sunday. Other unnamed high-profile entities were also targeted in the attacks.
Addressing the situation, TikTok spokesperson Jason Grosse stated: “Our security team is aware of a potential exploit targeting a number of high-profile accounts. We have taken measures to stop this attack and prevent it from happening in the future.”
Grosse added that TikTok is “working directly with affected account owners to restore access” and that only a “small number” of accounts have been compromised based on initial assessments. However, the company has not provided the exact number of impacted users.
The details of the zero-day vulnerability remain undisclosed as platforms work to address the underlying flaw before sharing information publicly. Cybersecurity experts warn that such unpatched vulnerabilities can pose significant risks to online security.