Your TikTok account can be hacked

TikTok is a short-video sharing app and social network platform. Its headquarters are in the Greater Los Angeles Area, West Coast, US, and it is owned by ByteDance, an internet technology company from China legally known as Beijing Bytedance Technology Co., Ltd.

The social media platform's increased popularity in the US brought more intense scrutiny and privacy concerns. But how about security? Is the app safe, and can it be hacked?

There is no such thing as unhackable; how difficult a hack is also depends on the company's efforts to keep the app secure.

TikTok has no 2-step verification, and its own security recommendations are shallow:

A few tips:

  1. Never trust any 3rd-party websites that promise to give away free likes, fans, crowns, coins, or other incentives as they may be able to take your login info.
  2. Select a secure password that contains at least one number and special character.

With no second verification step to fall back on, an account's safety depends on the user's own, often relaxed, approach to security or on the company's efforts and investment in protecting the application.

Researchers at Check Point discovered multiple vulnerabilities within the TikTok application.

They managed to:

  • Get a hold of TikTok accounts and manipulate their content
  • Delete videos
  • Upload unauthorized videos
  • Make private “hidden” videos public
  • Reveal personal information saved on the account such as private email addresses

From the research conclusion:

TikTok videos are entertaining. They’ve created a significant trend, a style, even a musical genre. Many of us use the TikTok app to share enjoyable moments and snip bits of fun memories in the form of a short video clips. But as some have experienced, there is often a fine line between fun clips to private, even intimate assets being compromised while trusting to be under the protection from the apps we use.

Researchers at Check Point 

Some users are sharing their experiences of hacked TikTok accounts on Twitter:

Number of tweets containing “My Tik Tok hacked” between January 2019 and April 2020

The above tweets show that some of the hacks happen due to credential stuffing, where leaked credentials are used to try to log in to other platforms. This attack succeeds as users continue to use the same password for several accounts.
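From the service's side, credential stuffing has a recognizable shape in login logs: one source tries many different accounts with only one or two guesses each. The following detector is an added example, not part of the original post; the log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample auth log: "<ISO time> <source IP> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2020-04-01T10:00:01 203.0.113.7 alice FAIL
2020-04-01T10:00:02 203.0.113.7 bob FAIL
2020-04-01T10:00:03 203.0.113.7 carol OK
2020-04-01T10:00:04 203.0.113.7 dave FAIL
2020-04-01T10:00:05 203.0.113.7 erin FAIL
2020-04-01T10:00:06 203.0.113.7 frank FAIL
2020-04-01T10:03:10 198.51.100.20 grace FAIL
2020-04-01T10:03:25 198.51.100.20 grace FAIL
2020-04-01T10:03:40 198.51.100.20 grace OK
2020-04-01T10:05:00 192.0.2.44 heidi OK
"""

def parse(log_text):
    """Yield (ip, user, ok) per well-formed line; skip malformed ones."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield parts[1], parts[2], parts[3] == "OK"

def find_stuffing_sources(log_text, min_users=5, max_attempts_per_user=2):
    """Flag IPs that try many different accounts, few guesses each.

    Credential stuffing replays one leaked password per account, so it shows
    up as breadth (many usernames) rather than depth (many guesses at one).
    """
    attempts = defaultdict(lambda: defaultdict(int))   # ip -> user -> tries
    hits = defaultdict(set)                            # ip -> users logged in
    for ip, user, ok in parse(log_text):
        attempts[ip][user] += 1
        if ok:
            hits[ip].add(user)
    flagged = {}
    for ip, per_user in attempts.items():
        broad = len(per_user) >= min_users
        shallow = max(per_user.values()) <= max_attempts_per_user
        if broad and shallow:
            # Accounts that logged in from a flagged source reused a leaked
            # password and should be forced through a password reset.
            flagged[ip] = {"users_tried": len(per_user),
                           "force_reset": sorted(hits[ip])}
    return flagged

if __name__ == "__main__":
    for ip, info in find_stuffing_sources(SAMPLE_LOG).items():
        print(ip, info)
```

In the sample, the user who mistypes a password twice before succeeding is not flagged, while the one account that accepted a replayed password from the flagged source is listed for a forced reset.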

With this tweet, you might understand better what can go wrong if your account is hacked. If you saved personal videos as a draft, then the attacker will now have access to them.

Password hacking happens in many different ways, as exposed in a previous blog post.

You should start with these three password best practices:

  • Password manager: it is the best security measure for your passwords. It takes away the complexity of managing them all and creates unique and robust passwords automatically for any given account.
  • Strong passwords: a password that is hard to crack, best if managed by the password manager.
  • Unique passwords: one password that is specific to each account, again much better if handled by the password manager.

If your TikTok account is hacked then, for now, there is no other way than going through the steps officially described in the safety center:

What to do if your account has been hacked

  1. Change your password: Changing your password will log out all other users who may have accessed your account. If you can’t change your password, contact the Support Team by going to your Profile tab, tapping on the Settings icon, and selecting Privacy and Settings > Send Feedback.
  2. Check your account info: Go to your Profile tab, tap on the Settings icon, and tap Manage My Account to verify if the information in your account is correct.

For such a big company, it is alarming to see that it is not doing much to protect and recover the accounts of its users.