How to Hack TikTok Accounts : 5 Common Vulnerabilities | HackerNoon (2024)

TikTok has become one of the most popular and widely used social media platforms. It is an application that allows users to share and watch videos, between fifteen seconds and three minutes long, from people you follow (like celebrities, your friends and family members). Unfortunately, since it is a popular application, it has become an easy target for hackers. This article will talk about five common TikTok vulnerabilities and how to protect yourself against them.

TikTok Hacks and Vulnerabilities:

  1. Cross-Site Scripting (XSS)
  2. Phishing Emails
  3. Remote Keyloggers
  4. Zero-Day Vulnerabilities
  5. Weak Passwords

1. Cross-Site Scripting (XSS)

Cross-site scripting is a “vulnerability that allows unauthorized JavaScript code to be executed on a website” (MalCare). There are two types of XSS: reflected and stored. Reflected XSS is considered less harmful and “is a one-time attack where the payload sent in a reflected XSS attack is only valid on that one request” (sciencedirect). Whoever “clicks the link that contains the malicious script will be the only person directly affected by this attack”. Let’s take a look at an example of the XSS attack on TikTok.

In 2020, security researcher Muhammed Taskiran found a vulnerability related “to a URL parameter on the domain which was not properly sanitized” (zdnet). While he was fuzzing the platform, he found that “this issue could be exploited to achieve reflected cross-site scripting, potentially leading to the execution of malicious code in a user’s browser session”.

So what does this mean for the TikTok user? Well, if attackers have successfully executed malicious code (i.e. scripts) in a user’s browser session, then the user’s session has been hijacked and the attacker can do whatever they want! They can redirect the user to malicious websites, record the user's online activity, or even download malicious files onto the user’s system and hack their device.

How to Protect Against XSS Attacks

To prevent an XSS attack from occurring, data sanitization should be used across the domain to make sure that only appropriate values are inserted into the page.
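The sanitization described above, shown as an added example that is not from the original article: a constructed page reflects a `q` URL parameter, first unsanitized and then encoded at output time. The function names, the `q` parameter and the sample URL are assumptions made for illustration.

```javascript
// Added example: reflecting a URL parameter into HTML, unsafe vs. encoded.
// All names here (renderUnsafe, renderSafe, safeHref, "q") are hypothetical.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read one query parameter from a request URL (empty string when absent).
function getParam(requestUrl, name) {
  return new URL(requestUrl, "https://example.invalid").searchParams.get(name) ?? "";
}

// BEFORE: the decoded parameter is concatenated straight into the markup,
// so any tags it contains become part of the page.
function renderUnsafe(requestUrl) {
  return `<p>Results for ${getParam(requestUrl, "q")}</p>`;
}

// AFTER: bound the length, then encode for the HTML context when writing output.
function renderSafe(requestUrl) {
  const q = getParam(requestUrl, "q").slice(0, 100);
  return `<p>Results for ${escapeHtml(q)}</p>`;
}

// Encoding alone does not cover a link target: allow-list the scheme as well.
function safeHref(raw) {
  try {
    const u = new URL(raw);
    return ["http:", "https:"].includes(u.protocol) ? escapeHtml(u.href) : "#";
  } catch {
    return "#"; // not an absolute URL: fall back to an inert target
  }
}

// Constructed sample request carrying markup in the parameter.
const SAMPLE_URL = "/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E";

console.log("unsafe:", renderUnsafe(SAMPLE_URL));
console.log("safe:  ", renderSafe(SAMPLE_URL));
```

The encoded output displays the parameter as text instead of letting the browser parse it as markup.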

2. Phishing Emails


Phishing emails are an easy way for hackers to hack TikTok accounts. The hacker can send fake emails to users making it seem like it is from TikTok. The content of the emails could state, for example, that your account has been compromised and requires your credentials to help get your account back. This is just one example of how a cybercriminal can manipulate you into entering your personal information.

Back in 2019, there was a vulnerability that allowed hackers “to use a link in TikTok’s messaging system to send users messages that appeared to come from TikTok” (nytimes). If users clicked on the link, then hackers were able to access and gain control of all accounts. Hackers were able to do whatever they wanted with the account (post videos, see users’ private videos, and more).

How to Protect Against Phishing Attacks

Users should be educated and informed on the characteristics of phishing emails in order to be able to spot them. This is what you can do:

  • Do not click on any links or open any attachments from suspicious emails
  • Do not enter any personal information from a pop-up screen (note: legitimate companies would never ask for personal information this way)
  • Pay close attention to misspellings in the email contents

3. Remote Keyloggers

Remote keyloggers mainly affect your mobile device or laptop: the cybercriminal first needs to access your device and then install a piece of software that records everything you type on your keyboard. This means that if you log into any personal accounts (email, bank, TikTok, and more), every key will be recorded. The hacker will have this information and be able to hack your account.

How to Protect Against Remote Keyloggers

  • Do not use third-party keyboard applications
  • Do not open any attachments or click on links in email messages as the keylogger could be embedded in the attachment
  • Install anti-spyware applications to help detect, disable, and quarantine software-based keyboard loggers

4. Zero-Day Vulnerability

Zero-day vulnerabilities are new security flaws that may be known to software vendors but for which no patch exists yet. As a result, hackers are able to exploit the vulnerability. If a hacker finds a vulnerability in TikTok (i.e. in the source code or database), then hackers may be able to leak all of the users’ data.

How to Protect Against Zero-Day Vulnerabilities

There is no way to completely avoid zero-day vulnerabilities, but you can do the following as extra security precautions to prevent hackers from getting into your TikTok account:

  • Make sure you are using the latest version of TikTok
  • Enable two-factor authentication

5. Weak Passwords


Hackers can easily hack TikTok accounts by guessing the password, especially if the password is easy and commonly used such as a nickname, phone number, partner’s name, pet name, just to name a few. Of course, the hacker could also perform a brute force attack for the user’s password if the password is a bit more difficult to guess.

How to Protect Against Weak Passwords

Users should select a strong password composed of numbers, symbols, spaces, and lowercase and uppercase letters. Make sure that the password for your TikTok account is unique and not the same password used for other email or social media accounts. This would reduce the risk of your account being compromised. You may also use the website HaveIBeenPwned to verify that your account is safe and whether or not your credentials have been leaked to the public.
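A leaked-password check in the style of HaveIBeenPwned's Pwned Passwords range lookup, as an added example that is not from the original article: only the first five characters of the password's SHA-1 hash are sent, and the match is done locally. The function names are hypothetical and the response body is constructed so the example runs offline.

```javascript
// Added example: k-anonymity lookup against a Pwned Passwords-style range list.
// In live use the body comes from GET https://api.pwnedpasswords.com/range/<prefix>;
// here it is a constructed sample so nothing is sent over the network.
const { createHash } = require("node:crypto");

// Uppercase hex SHA-1 of the password, split into the 5-character prefix that
// is sent to the service and the 35-character suffix that stays on the client.
function splitHash(password) {
  const hex = createHash("sha1").update(password, "utf8").digest("hex").toUpperCase();
  return { prefix: hex.slice(0, 5), suffix: hex.slice(5) };
}

// Parse a range response body: one "SUFFIX:COUNT" entry per line.
// Lines that do not match the expected shape are ignored.
function parseRange(body) {
  const counts = new Map();
  for (const line of body.split(/\r?\n/)) {
    const [suffix, count] = line.trim().split(":");
    if (/^[0-9A-F]{35}$/i.test(suffix ?? "") && /^\d+$/.test(count ?? "")) {
      counts.set(suffix.toUpperCase(), Number(count));
    }
  }
  return counts;
}

// How often the password appears in the given range body (0 = not listed).
function breachCount(password, rangeBody) {
  const { suffix } = splitHash(password);
  return parseRange(rangeBody).get(suffix) ?? 0;
}

// Constructed response for prefix 5BAA6; the counts are made up.
const SAMPLE_RANGE = [
  "1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345",
  "0".repeat(34) + "A:3",
  "malformed line",
].join("\r\n");

console.log(splitHash("password").prefix, breachCount("password", SAMPLE_RANGE));
```

A non-zero count means the password has appeared in a breach and should not be used, however strong it looks.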

Final Thoughts on TikTok Hacks and How to Prevent Them

These were just five common vulnerabilities that may allow attackers to hack TikTok accounts and how to protect against each one of them. I am sure that there are many other techniques that exist, but these are just a few that I found to be important.

Hackers are always one step ahead in finding new techniques where prevention might not be possible at first. Therefore, you should make sure that you do everything you can to ensure that your account is secure.



What is the vulnerability of TikTok?

The TikTok (formerly application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic.

Has TikTok been hacked before?

TikTok has been hacked multiple times over the last few years. In summer 2023, TikTok acknowledged that as many as 700,000 accounts in Turkey had been compromised due to the company's use of insecure SMS channels for its two-factor authentication.

Is a zero day TikTok hack taking over celebrity and brand accounts?

Forbes' Post

Malicious code is taking over accounts on TikTok, and has already compromised the official presence of celebrities and brands, including Paris Hilton and CNN, according to sources inside the company.

What is the zero day vulnerability on TikTok?

The issue stems from a zero-click exploit that's been used by illicit groups who've been taking over high-profile accounts (and possibly smaller accounts) via the platforms' direct message function. To date, accounts that have been targeted or compromised include those of CNN, Paris Hilton and Sony.

Why is TikTok such a threat?

Among lawmakers' chief concerns about TikTok is that its Chinese ownership poses grave national security risks to the United States. They worry the app could be used to spread misinformation, sow division and meddle in elections.

How can I access TikTok without password?

A passkey is a cryptographic key stored on your mobile device that can be used to log in to your TikTok account without having to remember a password. Learn more about passkeys on Android and Apple. Have a device running Android 9.0 or later. Have screen lock enabled on your device.

Is TikTok still spying on you?

No, TikTok does not monitor your entire phone, but it does access specific data necessary for the app to function, such as your camera, microphone, and location if you grant it permission.

What does a hacked TikTok account look like?

If you notice any of these suspicious behaviors, your account may have been hacked: Your account password or phone number has been changed. Your account username or nickname has been changed. Your videos have been deleted or posted without your permission.

Why is TikTok illegal?

Many countries have imposed past or ongoing restrictions on the video sharing social network TikTok. Bans from government devices usually stem from national security concerns over potential access of data by the Chinese government.

Do celebrities have secret TikTok accounts?

Gigi Hadid

"I do have a secret TikTok, which I don't post on, and I don't follow anyone I know on it," the model confessed in her March 2022 InStyle cover story. "I'm a lurker, but it's for, like, mom videos and kids' lunch videos."

What is a zero click exploit?

What are zero-click attacks? Zero-click hacks differ from other cyberattacks in that they do not require any participation from the target user. These attacks can infect a device without the user clicking on a malicious link, opening an attachment or installing an unwanted program.

What is the risk on TikTok?

The app collects sensitive information from its users, and it is often taken without the user's explicit knowledge such as email addresses, phone numbers, content you upload, and information about your keystroke patterns, battery levels, audio settings, mobile carrier, wireless connections, device brand and model, ...

Are there any dangers to TikTok?

Why is TikTok dangerous? Well, one reason is because of the abundance of scams. The Federal Trade Commission (FTC) considers TikTok a goldmine for scammers. To be fair, any social media app that can direct message (DM) other users has the potential for scams.

Why does TikTok make users vulnerable to stalking and phishing?

TikTok is vulnerable to both types of attacks because it relies on user-generated content. Hackers can create fake accounts or videos that contain malware or phishing links, which can then be spread to other users.

What are TikTok privacy threats?

TikTok acknowledged to Congress in 2022 that employees based in China could access US user data, following a report that year by BuzzFeed News that ByteDance employees had accessed that information on multiple occasions.


Article information

Author: Dong Thiel
