The good last few months of TikTok continue with the news that hackers used malicious code to take over accounts of tiktok celebrities and brands. According to a Forbes report, official accounts of Sony, Paris Hilton and CNN have reportedly been affected by the hacking. 

Responsible hackers are sending malware through the app's DMs. Apparently, this malware does not require the victim to click on the link or download the software. Instead, all you have to do is open the DM where the malware is present, and your device will get infected.

This hack seems to be a "zero-day" attack, and since the developers knew about the vulnerabilities in tiktok's code before they did, they had zero days to prevent it. 

Semafor's newsletter reported that CNN had to delete the company's account. A spokesperson told Semafor that the company had been lax in cybersecurity. But the problem is off-site because 1 out of dozens of CNN employees with access opened the DM, a regular part of the management of social media brands.

For now, hackers seem to be targeting the accounts of brands and celebrities like Paris Hilton. The average user will probably not be affected, but for safety, it's best not to open the Dm until Tiktok announces a fix or patch for an ongoing problem. 

tiktok has a support page with suggestions on how to deal with hacked accounts. The usual suggestions presented include resetting the password, removing an unknown device and 2-factor authentication by adding a phone number. 

TikTok is no stranger to big hacks. Last year, more than 700,000 accounts were hacked in Turkey because of poor two-factor authentication methods in the app. 

In 2022, Microsoft reported a vulnerability in the Android version of its Tiktok app that allowed hackers to take over accounts by simply clicking a specific link 1 time. 

Beyond hacking, TikTok is an ongoing battle with the US government to avoid being banned in America. President Joe Biden has signed a measure requiring TikTok's parent company, ByteDance, to sell the company's U.S. operations. 

This ban is probably done to prevent Americans' personal data from being in the hands of the Chinese government.

Last month, ByteDance published D.C.Circuit challenged the law in the U.S. Court of Appeals. That lawsuit is ongoing.