New way to hack/get login info & session ID on IG and other socials

So I came across this topic

Which talks about a TikTok hack method, but after seeing it I’m very sure that people managing IG pages should have got some random message requests like “great”, “super”, “amazing”, etc.

So your best bet is to not open it or engage with them. That will also cause you to lose your ID and account. And let everyone know about this new method to hack an account.


Did you confirm this and get hacked on IG or are you just assuming?

After looking at and reading the TikTok thread, it states that they (hackers) just want the account to interact with them or their file in any way, so as I have got some weird random messages, as I said, I am assuming that those were also for getting access to the session ID and directly gaining the account of the other user.

Anyways, why not be safe beforehand?

I’ve gotten those random messages, and weird emails (when the email was available on the profile)… those are typically weak phishing attempts, and other scams. Not the same thing as what they’re saying is taking place on TikTok.

I would advise just not opening any messages or emails from individuals you don’t know… and if you do open it, don’t click on ANYTHING. But the smartest thing to do is just not open the message in the first place, if you don’t know the sender.

I’m wondering how these people actually end up hacking the accounts if they don’t have access to 2FA, because having a session replicated and opened would never give access to phones, 2FA apps, and one guy was saying he got hacked from everything.

Any experts on this?

@Rich if they have your session ID, they are logged in without the need of having a 2FA code.

Sure, that’s understandable.

My question is, how are they able to change everything 2FA-related without having access to that?

From my understanding, and I could be wrong since I am not at all technical when it comes to this, it’s based on stealing your session through a cross-site contamination.

My best assumption would be that it sort of emulates the user’s session entirely. So TikTok believes it’s the original owner / device. And since the devices are seen as the ‘trusted’ devices, it allows them to change it.

This seems the most logical.

It’s like getting access to any account with their login session ID, and once you log in using it, the algorithm or the system senses you as the original person or a legit login. So they get your details when you interact with them while already logged in to your account, so that bypasses the need for 2FA, and once the hacker gets access to the account, changing 2FA details is easy.

That’s not very exact but very close to that in simple terms. People who are programmers say that’s way more complicated than that, but in summary that’s what goes on. Hope it helps.
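Added example, not part of any post in this thread and not any platform's real code: a toy server-side session table showing why a replayed session ID is accepted without a 2FA prompt, and how requiring a fresh 2FA check before changing 2FA settings (plus "log out everywhere") limits what a copied session can do. All class and function names and the 5-minute window are assumptions made for the illustration.

```python
import secrets

REAUTH_WINDOW = 300  # assumed policy: a 2FA check stays "fresh" for 5 minutes

class SessionStore:
    """Toy server-side session table; all names here are hypothetical."""
    def __init__(self):
        self._sessions = {}  # session ID -> {"user", "last_2fa"}

    def login(self, user, password_ok, totp_ok, now):
        # Password and 2FA are checked once, here; afterwards only the ID is presented.
        if not (password_ok and totp_ok):
            return None
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "last_2fa": now}
        return sid

    def whoami(self, sid):
        # Whoever presents a valid ID is treated as the user: no 2FA prompt.
        s = self._sessions.get(sid)
        return s["user"] if s else None

    def step_up(self, sid, totp_ok, now):
        # Re-checking 2FA needs the second factor itself, not just the session.
        if sid in self._sessions and totp_ok:
            self._sessions[sid]["last_2fa"] = now
            return True
        return False

    def change_2fa_weak(self, sid):
        return self.whoami(sid) is not None  # session alone is enough

    def change_2fa_hardened(self, sid, now):
        s = self._sessions.get(sid)
        return s is not None and now - s["last_2fa"] <= REAUTH_WINDOW

    def revoke_all(self, user):
        # "Log out everywhere": every copy of the ID stops working.
        self._sessions = {k: v for k, v in self._sessions.items() if v["user"] != user}

def demo():
    store = SessionStore()
    sid = store.login("owner", True, True, now=0)
    copied = sid  # constructed scenario: the same ID replayed from another device
    out = {"identity": store.whoami(copied),
           "weak": store.change_2fa_weak(copied),
           "hardened": store.change_2fa_hardened(copied, now=3600),
           "step_up_without_code": store.step_up(copied, False, now=3600)}
    store.revoke_all("owner")
    out["after_revoke"] = store.whoami(copied)
    return out
```

In the weak variant the session alone is enough to change 2FA, which matches what the thread describes; the hardened variant refuses until the second factor is presented again.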