Attackers are exploiting a critical SolarWinds Web Help Desk bug - less than a week after the vendor disclosed and fixed the 9.8-rated flaw. That's according to America's lead cyber-defense agency, which set a Friday deadline for federal agencies to patch the security flaw.…
Cybersecurity experts usually advise victims against paying ransomware crooks, but that advice goes double for those who have been targeted by the Nitrogen group. There's no way to get your data back from them!…
Police Service of Northern Ireland (PSNI) employees who had their details exposed in a significant 2023 data breach will each receive £7,500 ($10,279) as part of a universal offer of compensation.…
If you’re brave enough to want to run the demonstrably insecure AI assistant OpenClaw, several clouds have already started offering it as a service.…
This week I'm in Hong Kong, and the day after recording, I gave the talk shown in the image above at INTERPOL's Cybercrime Expert Group. I posted a little about this on Facebook and LinkedIn, but thought I'd expand on what really stuck with me after watching other speakers: the effort agencies are putting into cybercrime prevention. It's very easy for folks to judge law enforcement solely on what they see from the outside, and that's mostly going after offenders and taking down criminal infrastructure. But the bit I'm increasingly seeing behind the scenes is a push to help kids (the sorts of hackers I usually interact with are teenagers or young adults at most) make better choices when they're faced with a pathway into cybercrime. The transition from minor offences (game cheats and DDoS'ing) to full-on cybercriminals (hacking and extortion) is very well-known, and intervening at the right time can not only make a difference to the impact of data breaches on all of us, but it can also make a massive difference to these kids' lives. These agencies are underfunded and understaffed compared to the scale of the problem, so making the time to come visit and find some ways to help in our little corner of the data breach world is a no-brainer 😊
![]()
AI agents and other systems can't yet conduct cyberattacks fully on their own – but they can help criminals in many stages of the attack chain, according to the International AI Safety report.…
It usually starts with a small, uneasy moment. A notification you don’t recognize. A login code you didn’t request. A friend texting to ask why you just posted something… weird.
If you’re staring at your phone wondering whether your TikTok account was hacked, you’re not alone, and you’re not being paranoid.
Account takeovers often don’t look dramatic at first. They show up as subtle changes: a password that suddenly doesn’t work, a new device logged in overnight, or settings you swear you never touched.
This guide walks you through exactly what to do if your TikTok account has been compromised: how to spot the warning signs, how to recover access if you’re locked out, and how to lock down active sessions so it doesn’t happen again.
When someone else gets into your account, things usually start behaving in ways that don’t feel like you. Pay attention to changes like these:
Profile or settings changes you didn’t make
Your display name, bio, password, linked email, phone number, or privacy settings look different, even though you never touched them.
Content or activity you don’t recognize
Videos you didn’t post. Comments or DMs you didn’t send. New follows or likes that don’t match how you use the app.
Login alerts that come out of nowhere
Notifications about a new device, verification codes you didn’t request, or emails confirming changes you didn’t initiate.
Other warning signs include being locked out of your usual login method, missing recovery options, or friends telling you your account is sending strange messages.
Speed matters here. The longer someone has access, the more they can change, or use your account to scam others.
Secure the account immediately.
Start TikTok’s recovery process right away.
TikTok uses this information to verify that the account is yours and roll back unauthorized changes.
This step is critical and often overlooked.
Once you regain access, clean up anything the attacker touched, delete suspicious posts, undo profile changes, and revoke access for any apps you don’t recognize.
![]()
Figure 1: How to remove TikTok logins from other devices.
Getting back in is only half the job. The next step is making sure whoever got in can’t come back.
In Settings & Privacy, enable two-factor verification (2FA) and choose your preferred method. An authenticator app offers the strongest protection, but SMS or email is still far better than nothing.
Head to Security and look for Manage devices or Active sessions.
Check which apps or tools are connected to your TikTok account and remove anything you don’t use or trust.
Use a strong, unique password
Updates often include security fixes. Running outdated software makes it easier for attackers to exploit known issues.
Unexpected DMs, “copyright warnings,” fake verification notices, or links asking you to log in again are common hacker tactics. When in doubt, don’t click, open the app directly instead.
Figure 2: Where in “Security & permissions” to find security updates and 2FA.
Discovering a fake account that’s using your name, photos, or videos can feel like a second violation on top of having your account hacked.
Luckily, TikTok has a way to flag these imposters, both from inside the app and, in some regions, through an official web form.
Figure 3: A screenshot showing where in TikTok you report fake profiles.
If you’re in the U.S. and the fake profile is doing real damage, for example, scamming your followers or using official business assets, TikTok also offers a dedicated impersonation report form online:
For accounts outside the U.S., the public Help Center form lets you select Report a potential violation → Account violation → Impersonation and walk through similar steps.
|
Q: How do I lock down sessions on TikTok? A: Go to Settings & Privacy → Security, then open Manage devices or Active sessions. Remove unfamiliar devices, log out of all sessions if possible, change your password, and enable two-step verification. |
|
Q: Can I recover my account if the email and phone number were changed? A: Yes. Start an account recovery request through TikTok support and provide proof of ownership, including previous contact details and device information. |
|
Q: What if I keep getting verification codes I didn’t request? A: That’s a sign someone is trying to get in. Change your password immediately, enable two-step verification, and review active sessions. If it continues, contact TikTok support |
|
Q: Should I warn my followers? A: If your account posted or messaged others without your permission, yes. Let people know your account was compromised so they don’t engage with scam links or requests. |
The post Was My TikTok Hacked? How to Get Back Into Your Account and Lock Down Sessions appeared first on McAfee Blog.
Baddies are exploiting a critical bug in React Native's Metro development server to deliver malware to both Windows and Linux machines, and yet the in-the-wild attacks still haven't received the "broad public acknowledgement" that they should, according to security researchers.…
On 59 occasions throughout 2025, the US Cybersecurity and Infrastructure Security Agency (CISA) silently tweaked vulnerability notices to reflect their use by ransomware crooks. Experts say that's a problem.…
French police raided Elon Musk's X offices in Paris this morning as part of a criminal investigation into alleged algorithmic manipulation by foreign powers.…
Today is the day Azure Storage stops supporting versions 1.0 and 1.1 of Transport Layer Security (TLS). TLS 1.2 is the new minimum.…