
Warning — Automated Instagram And TikTok Hack Attacks Confirmed

If there are two things that criminal wannabe hackers like, it’s making money and doing so by the easiest route possible. Unlike real hackers, the type who use true skill to uncover zero-day vulnerabilities and make the world a safer place, while still earning big money, criminals are lazy by nature and often not highly-skilled either. So, when they can use automated tools and pre-compiled lists of stolen usernames and passwords, they are not only happy but dangerous. Which is why the discovery of a trio of such tools, used in Instagram and TikTok hack attacks, is of concern. Here’s what you need to know.


The Automated Tools Deployed In Instagram And TikTok Hack Attacks

Your data has already been stolen. There, I said it, and now it’s time to admit that it’s true. I don’t personally know of anyone whose email address does not appear in at least one dark web data breach report, or who hasn’t had a password appear in a compromised credentials combo list. I mean, it’s not beyond the realm of possibility that you, dear reader, are the golden child whose data remains untouched, but it is unlikely. Why am I telling you what you already know? To reiterate the importance of that leaked data to the criminal hacker, and especially of account authentication credentials such as usernames, passwords and email addresses.

Olivia Brown, a threat analyst at Socket Security, has published a report that confirms just how important securing your data is by revealing the consequences of that leaked data being out there. “Obtaining valid credentials, even just emails, can initiate an exploit chain,” Brown warned, explaining that attackers look to ensure emails they have are properly associated with accounts in order to best target their exploit endeavors.

The Socket researchers found a trio of what are known as “checkers” being used to validate stolen email addresses during Instagram and TikTok hack attacks. “Checkers are automated tools, either scripts or software,” Brown said, “used to validate large volumes of stolen usernames or emails.” The attackers employ these to automatically and systematically test the compromised credentials they have purchased against the login interfaces of websites or mobile applications, as well as application programming interfaces, to quickly and effectively identify which accounts are live and therefore worth attacking. Note that a checker of this kind does not need a password at all: confirming that an address belongs to a real account is enough to turn a bulk combo list into a shortlist of targets.
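The behaviour Brown describes has a recognisable shape in server logs: one client submitting many different email addresses to the same validation endpoint in a short time, where a real user submits one address, perhaps twice. The following is an added example, not code from Socket’s report or from Instagram or TikTok, showing how a defender might flag that pattern. The endpoint path, the client addresses and the JSON log lines are all constructed for the example; the user-agent field is logged but deliberately not used as a signal, since the article notes that checkers spoof it.

```python
import json
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical path of the password-recovery endpoint (an assumption for the
# example, not the real TikTok or Instagram route).
RESET_PATH = "/passport/email/send_code"

# Constructed sample log (JSON lines), not captured traffic.
# 198.51.100.9 behaves like a checker, 203.0.113.5 like a real user retrying,
# 192.0.2.44 like a slow scan that a short window should not catch.
SAMPLE_LOG = """\
{"ts": "2024-05-01T10:00:00", "ip": "198.51.100.9", "ua": "Android-App/1.0", "path": "/passport/email/send_code", "email": "u1@example.com"}
{"ts": "2024-05-01T10:00:05", "ip": "198.51.100.9", "ua": "Android-App/1.0", "path": "/login", "email": ""}
{"ts": "2024-05-01T10:00:10", "ip": "198.51.100.9", "ua": "Android-App/1.0", "path": "/passport/email/send_code", "email": "u2@example.com"}
{"ts": "2024-05-01T10:00:20", "ip": "198.51.100.9", "ua": "Android-App/1.0", "path": "/passport/email/send_code", "email": "u3@example.com"}
{"ts": "2024-05-01T10:00:30", "ip": "198.51.100.9", "ua": "Android-App/1.0", "path": "/passport/email/send_code", "email": "u4@example.com"}
{"ts": "2024-05-01T10:00:40", "ip": "198.51.100.9", "ua": "Android-App/1.0", "path": "/passport/email/send_code", "email": "u5@example.com"}
{"ts": "2024-05-01T10:00:50", "ip": "198.51.100.9", "ua": "Android-App/1.0", "path": "/passport/email/send_code", "email": "u6@example.com"}
{"ts": "2024-05-01T10:01:00", "ip": "203.0.113.5", "ua": "Mozilla/5.0", "path": "/passport/email/send_code", "email": "alice@example.com"}
{"ts": "2024-05-01T10:03:00", "ip": "203.0.113.5", "ua": "Mozilla/5.0", "path": "/passport/email/send_code", "email": "alice@example.com"}
{"ts": "2024-05-01T09:00:00", "ip": "192.0.2.44", "ua": "Android-App/1.0", "path": "/passport/email/send_code", "email": "s1@example.com"}
{"ts": "2024-05-01T09:30:00", "ip": "192.0.2.44", "ua": "Android-App/1.0", "path": "/passport/email/send_code", "email": "s2@example.com"}
{"ts": "2024-05-01T10:00:00", "ip": "192.0.2.44", "ua": "Android-App/1.0", "path": "/passport/email/send_code", "email": "s3@example.com"}
{"ts": "2024-05-01T10:30:00", "ip": "192.0.2.44", "ua": "Android-App/1.0", "path": "/passport/email/send_code", "email": "s4@example.com"}
{"ts": "2024-05-01T11:00:00", "ip": "192.0.2.44", "ua": "Android-App/1.0", "path": "/passport/email/send_code", "email": "s5@example.com"}
{"ts": "2024-05-01T11:30:00", "ip": "192.0.2.44", "ua": "Android-App/1.0", "path": "/passport/email/send_code", "email": "s6@example.com"}
"""


def parse_log(text):
    """Parse JSON log lines into event dicts with a datetime 'ts' field."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return events


def find_checker_clients(events, window=timedelta(minutes=5), min_distinct=5):
    """Return {ip: peak_distinct_emails} for clients that submitted at least
    `min_distinct` different addresses to the reset endpoint within any
    sliding window of length `window`. Only behaviour is used: the user-agent
    and any cookies are attacker-controlled and carry no trust."""
    by_ip = defaultdict(list)
    for ev in events:
        if ev["path"] == RESET_PATH:
            by_ip[ev["ip"]].append(ev)

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        recent = deque()        # events inside the current window
        counts = Counter()      # email -> occurrences inside the window
        peak = 0
        for ev in evs:
            recent.append(ev)
            counts[ev["email"]] += 1
            # Expire events that fell out of the window before this one.
            while recent and recent[0]["ts"] < ev["ts"] - window:
                old = recent.popleft()
                counts[old["email"]] -= 1
                if counts[old["email"]] == 0:
                    del counts[old["email"]]
            peak = max(peak, len(counts))
        if peak >= min_distinct:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    print(find_checker_clients(parse_log(SAMPLE_LOG)))
```

Run against the sample, only 198.51.100.9 is flagged (six distinct addresses in under a minute); the retrying user is not, and the slow scanner only shows up if the window is widened to hours. The threshold and window are tuning knobs: set them from what real users do on your own reset endpoint, not from this constructed data.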


Explaining how one of the checkers in question targeted TikTok, Brown said that it checks whether an email is registered by abusing an internal TikTok API endpoint. The checker has the URL of the private password recovery API hardcoded, an endpoint that is “intended to allow a legitimate user to request a password reset link for their account by providing their email address,” Brown said. The attacker, however, uses the checker to mimic a legitimate TikTok client with fake device identifiers and session cookies. It sends a TikTok Android client user-agent to avoid being caught by TikTok’s anti-bot protections, so that each probe looks, for all intents and purposes, like a genuine password reset request submitted from the TikTok app. The weakness being exploited is that the endpoint answers differently depending on whether the address is registered; that difference is the oracle the checker needs.
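To make the point concrete, here is an added example, written for this article rather than taken from Socket, TikTok or Instagram, that shows a password-reset handler in the leaky form a checker can exploit beside an enumeration-resistant form. The user table, the client key and the rate-limiter class are all hypothetical stand-ins for what a real service would back with a database and a shared store.

```python
from collections import defaultdict

# Constructed user table standing in for the real account database.
REGISTERED = {"alice@example.com", "bob@example.com"}

# Simulated outbound mail queue so the side effect can be inspected.
OUTBOX = []


def reset_leaky(email):
    """The oracle a checker needs: the response itself says whether the
    address belongs to an account. One request per address is enough."""
    if email in REGISTERED:
        OUTBOX.append(email)
        return 200, "Reset link sent"
    return 404, "No account with that email"


class FixedWindowLimiter:
    """Per-client request counter over fixed time windows (hypothetical;
    a production service would keep the counters in a shared store)."""

    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = window_seconds
        self.hits = {}  # client key -> (window bucket, count)

    def allow(self, key, now):
        bucket = int(now // self.window)
        cur_bucket, count = self.hits.get(key, (bucket, 0))
        if cur_bucket != bucket:
            count = 0           # new window, start counting again
        count += 1
        self.hits[key] = (bucket, count)
        return count <= self.limit


GENERIC = (200, "If an account exists for that address, a reset link has been sent")


def reset_hardened(email, client_key, limiter, now):
    """Same status and body whether or not the address is registered, and a
    per-client ceiling on attempts. `client_key` should be something the
    attacker cannot freely forge, such as the source address; device
    identifiers, cookies and the user-agent are all under their control."""
    if not limiter.allow(client_key, now):
        return 429, "Too many requests"
    if email in REGISTERED:
        OUTBOX.append(email)    # the only difference, and it is not visible to the caller
    return GENERIC


if __name__ == "__main__":
    lim = FixedWindowLimiter(limit=3, window_seconds=60)
    print(reset_leaky("alice@example.com"), reset_leaky("nobody@example.com"))
    for t, addr in enumerate(["alice@example.com", "nobody@example.com", "x@example.com", "y@example.com"]):
        print(reset_hardened(addr, "198.51.100.9", lim, now=t))
```

Two things the hardened version still does not cover: the mail must be queued asynchronously so that the response time does not differ between the two branches, and a limiter keyed on the source address slows a checker down rather than stopping one that rotates through proxies, which is why the behavioural detection described earlier belongs alongside it rather than instead of it.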

Brown reported the three malicious Instagram and TikTok hack checkers that Socket discovered to the Python Package Index security team, and they have now been removed. They were: checker-SaGaF, steinlurks and sinnercore. Removal from the index stops new installs but does nothing about copies already downloaded, so anyone who pulled one of these packages should treat it as a live tool, not a dead one. I have reached out to Instagram and TikTok for advice to provide to users.

