Warring: TikTok Accounts Hack Method

I got hacked today with a weird method

I have 2 TikTok accounts “2L” username and verified, someone send me this message on both accounts

Unfortunately I opened the message on one of my account before checking the other account، i opened the message then clicked on that sound and nothing happened! After few minutes i opened my other account and saw that the same person sent the same message so i know that there is something wrong with it, after almost 12h i got email that my phone number and email address of the account got changed and 2fa updated. (For the first account that i clicked on the sound from it) the second account still with me because i didn’t opened the message

Someone else here got hacked with same people and same method and unfortunately i didn’t see this topic before (i wish i did). Topic here

Be aware, don’t open any messages from someone you don’t know!


so you listened to a sound and they got access to your account? surely there was something else you did.

you mean you opened an audio file from or it was a voice note?

It’s not a file and there wasn’t any sound on it at all

It was like this

I clicked on it to see what sound is this and I didn’t find anything and didn’t find any videos on it so i just closed it.

After 12h i got notification “ phone number updated, 2fa updated”

I didn’t even receive that the password gt changed

just read all 3 threads with this - if it auto executes that’s brutal - I wonder wwhy it took 12 hours though

Maybe he was sleeping

Hey! Sorry that happened to you. I’m in contact with TikTok security department and HackerOne TikTok staff to patch this ASAP. Looks like a cross-site scripting (XSS) attack. In the meantime, don’t accept any DMs from unknown people. Thanks!


Do you or anyone else have access to this sound file message? If so, DM me. I’ll try to extract whatever is behind this message, and will submit it to TikTok.

He sent it to my other account, I didn’t open it yet
If i open it to share with you i will get hacked :man_facepalming:

You should share with the Security team his username, and they can get the messages from his inbox directly, without you or him risking getting your acconts hacked.

That’s some Pegasus level sh*t.

Sorry to hear :frowning:

It’s crazy that it is still going on. Hopefully it will be patched soon

@911 have you tried recovering the account through the PB infos?

TikTok support not responding

Nothing new it happen on twitter some years back when Justin Biebers account got hijacked and the Hacker manage to post on his account, deleted some followers too.