TikTok has become one of the most popular and widely used social media platforms. It is an application that lets users share and watch videos of fifteen seconds to three minutes from the people they follow (celebrities, friends and family members). Unfortunately, a platform this popular is also an attractive target for attackers. This article covers five common TikTok vulnerabilities and how to protect yourself against them.

TikTok Hacks and Vulnerabilities:

  1. Cross-Site Scripting (XSS)
  2. Phishing Emails
  3. Remote Keyloggers
  4. Zero-Day Vulnerabilities
  5. Weak Passwords

1. Cross-Site Scripting (XSS)

Cross-site scripting is a “vulnerability that allows unauthorized JavaScript code to be executed on a website” (MalCare). The two types most often discussed are reflected and stored (a third, DOM-based XSS, is triggered entirely by client-side script handling untrusted data). Reflected XSS is considered less harmful because it “is a one-time attack where the payload sent in a reflected XSS attack is only valid on that one request” (sciencedirect). Whoever “clicks the link that contains the malicious script will be the only person directly affected by this attack”. Let’s take a look at an example of an XSS attack on TikTok.

In 2020, security researcher Muhammed Taskiran found a vulnerability related “to a URL parameter on the domain which was not properly sanitized” (zdnet). While fuzzing the platform, he found that “this issue could be exploited to achieve reflected cross-site scripting, potentially leading to the execution of malicious code in a user’s browser session”.

So what does this mean for the TikTok user? If an attacker gets malicious script to run in a user’s browser session, that script runs with the user’s logged-in privileges on the site. It can perform actions in the user’s name, read whatever the page can read (including the session cookie, unless it is marked HttpOnly), redirect the user to malicious websites, log what the user types on the page, or prompt a download of a malicious file. Running that file still needs the user to open it or a separate exploit, so XSS on its own does not “hack the device”, but it is enough to take over the account.

How to Protect Against XSS Attacks

To prevent XSS, treat every value that arrives with the request, URL parameters included, as untrusted: validate it on input, and encode it on output with the encoding that matches the context it is inserted into (HTML body, HTML attribute, JavaScript or URL), rather than relying on one sanitizer to cover every context. A Content-Security-Policy header that disallows inline scripts limits what an injected payload can do, and marking session cookies HttpOnly keeps them out of reach of injected script. For users, the practical defence against reflected XSS is not clicking untrusted links to the site, since the payload only fires through the crafted link.
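The following is an added example, not code from the original article and not TikTok’s code. It shows the reflected-XSS pattern described above (a URL parameter echoed into the page unescaped) beside a hardened version that HTML-encodes the value on output, plus the response headers that contain the damage if a bug slips through. The route, the `q` parameter, the cookie name and the payload are all assumptions constructed for illustration.

```javascript
// Added example (not from the original article, not TikTok's code).
// Illustrates reflected XSS via a URL parameter and the fix: context-aware
// output encoding. Names, the "q" parameter and the payload are assumptions.

// Vulnerable: the query parameter is reflected into the HTML body verbatim.
function renderSearchVulnerable(query) {
  return `<h1>Results for ${query}</h1>`;
}

// HTML-body/attribute context encoder: neutralises the five characters that
// can change HTML structure. Use a different encoder for JS or URL contexts.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: same page, but the untrusted value is encoded at the point of insertion.
function renderSearchSafe(query) {
  return `<h1>Results for ${escapeHtml(query)}</h1>`;
}

// Constructed reflected-XSS payload, the kind an attacker embeds in a link.
const PAYLOAD = '<img src=x onerror="alert(document.cookie)">';

// Build the crafted link and recover the parameter the way a server would.
function craftedLink(payload) {
  return "https://example.invalid/search?q=" + encodeURIComponent(payload);
}
function queryFromUrl(url) {
  return new URL(url).searchParams.get("q") ?? "";
}

// True when the raw payload survives into the response, i.e. the bug is present.
function reflectsRawPayload(html, payload) {
  return html.includes(payload);
}

// Defence in depth for the response: no inline script, and the session cookie
// is unreadable from script. Header values are assumptions for illustration.
function securityHeaders() {
  return {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'",
    "Set-Cookie": "sessionid=<opaque>; HttpOnly; Secure; SameSite=Lax",
  };
}

// Demo when run directly.
const q = queryFromUrl(craftedLink(PAYLOAD));
console.log("vulnerable reflects payload:", reflectsRawPayload(renderSearchVulnerable(q), PAYLOAD));
console.log("hardened reflects payload:  ", reflectsRawPayload(renderSearchSafe(q), PAYLOAD));
console.log(renderSearchSafe(q));
```

The key point is that `escapeHtml` is applied where the value is inserted, not where it is read, so the same raw value can be safely written into a different context with the matching encoder.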

2. Phishing Emails


Phishing emails are a common way for attackers to take over TikTok accounts. The attacker sends fake emails to users that appear to come from TikTok. The content of the emails could state, for example, that your account has been…

