There was a TikTok Android app exploit that let hackers hijack accounts with one click

One bad link is all it takes.


Don’t freak out, it’s long resolved now, but Android users should really think twice before clicking any links in the TikTok app after security flaws were found that made it ridiculously easy to steal other users’ accounts with a simple link. While it’s been addressed for now, it’s always good internet security advice not to go clicking unknown links. And an exploit this simple is a good reminder to be ever vigilant out there.

According to BleepingComputer, Microsoft reported the flaw to TikTok back in February but, given the potential severity, it’s not too surprising we aren’t hearing about it until now. With a well-crafted malicious link, reportedly more than 70 JavaScript methods could be reached through the app’s WebView, a component used only by the Android app.

From there, those with malicious intent can wreak all sorts of havoc on the user’s account. They can modify and view basically all the data, including profile settings and private videos. Because the WebView can be used to perform authenticated requests, it’s by no means a stretch to say they could completely take over the account.
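The root of the problem described above is an in-app WebView that will load whatever page a crafted link points it at while still exposing a JavaScript bridge to that page. The following Android snippet is an added illustration of the defensive pattern, not TikTok’s code or anything from Microsoft’s report: the deep-link URL is checked against an exact host allowlist before the WebView loads it, the bridge object is attached only after that check passes, and every later navigation is re-checked. The host names (`www.example.com`, `m.example.com`), the `url` query parameter and the `AppBridge` object are assumptions made for the example.

```java
// Added example (not TikTok's code): a WebView that only loads pages from
// allowlisted hosts and only then exposes a JavaScript bridge to the page.
import android.app.Activity;
import android.net.Uri;
import android.os.Bundle;
import android.webkit.JavascriptInterface;
import android.webkit.WebResourceRequest;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

public class HardenedWebViewActivity extends Activity {

    // Hypothetical first-party hosts; a real app lists its own domains here.
    private static final Set<String> TRUSTED_HOSTS =
            new HashSet<>(Arrays.asList("www.example.com", "m.example.com"));

    /**
     * Exact scheme and host match. Substring or suffix checks ("contains
     * example.com") are the kind of validation a crafted link can slip past.
     */
    static boolean isTrusted(Uri uri) {
        if (uri == null || !"https".equalsIgnoreCase(uri.getScheme())) return false;
        String host = uri.getHost();
        // Reject empty hosts and userinfo tricks such as https://trusted@evil.example/
        if (host == null || host.isEmpty() || uri.getUserInfo() != null) return false;
        return TRUSTED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    /** Every @JavascriptInterface method is callable by page script once attached. */
    static final class Bridge {
        @JavascriptInterface
        public String getAppVersion() { return "1.0"; } // deliberately low-privilege
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        WebView webView = new WebView(this);
        setContentView(webView);
        webView.getSettings().setJavaScriptEnabled(true);

        // The target URL arrives from whoever opened the deep link: treat it as untrusted.
        Uri data = getIntent().getData();
        String param = data == null ? null : data.getQueryParameter("url");
        Uri target = param == null ? null : Uri.parse(param);

        if (!isTrusted(target)) {
            finish(); // refuse to load attacker-chosen content at all
            return;
        }

        // Attach the bridge only because the initial URL passed the allowlist...
        webView.addJavascriptInterface(new Bridge(), "AppBridge");

        // ...and keep every subsequent navigation on trusted hosts as well.
        webView.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
                // Returning true tells the WebView not to load the URL itself.
                return !isTrusted(request.getUrl());
            }
        });

        webView.loadUrl(target.toString());
    }
}
```

The two decisions that matter are the order of operations (validate, then attach the bridge, then load) and the strictness of `isTrusted`: an exact match on scheme and host, with no userinfo component, rather than a check that a trusted string appears somewhere in the URL.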

“Attackers could have leveraged the vulnerability to hijack an account without users’ awareness if a targeted user simply clicked a specially crafted link,” Microsoft 365 Defender Research Team’s Dimitrios Valsamaras said, adding: “Attackers could have then accessed and modified users’ TikTok profiles and sensitive information, such as by publicizing private videos, sending messages, and uploading videos on behalf of users.”


The surprising, yet good, news is that the flaw doesn’t seem to have actually been exploited while it was live, which is exactly why it was likely kept under wraps until it was fixed. And it does look like TikTok has fixed the issue, in between trying to get into games.

Microsoft’s investigations didn’t find evidence of an attack using the link exploits, so hopefully it wasn’t discovered by bad actors at the time. Though given TikTok’s youthful audience, it could just be that not clicking weirdo links online has finally become common sense.

TikTok, like all apps, is by no means a flawless example of security and it’s always wise to keep your wits about you on the internet. Keep not clicking those links while you enjoy your crazy dancing, angry emus, and huskies singing along to saxophones.


Hope’s been writing about games for about a decade, starting out way back when on the Australian Nintendo fan site Vooks.net. Since then, she’s talked far too much about games and tech for publications such as Techlife, Byteside, IGN, and GameSpot. Of course there’s also here at PC Gamer, where she gets to indulge her inner hardware nerd with news and reviews. You can usually find Hope fawning over some art, tech, or likely a wonderful combination of them both and where relevant she’ll share them with you here. When she’s not writing about the amazing creations of others, she’s working on what she hopes will one day be her own. You can find her fictional chill out ambient far future sci-fi radio show/album/listening experience podcast right here.
