TikTok ‘hacked’, fake COVID-19 video posted from verified WHO account

In order to prove the cybersecurity risks of Chinese social media platform TikTik, a group of developers who goes by the name Mysk used a simple hack to post fake videos from the official TikTok handles of the World Health Organisation (WHO), American Red Cross and British Red Cross.
The developers claimed that TikTok uses unsecure HTTP and not HTTPS to deliver content to users. Knowing this, theysimply tricked the TikTok app to connect to a fake server created by them.
“TikTok’s Content Delivery Networks chooses to transfer videos and other media data over HTTP. While this improves the performance of data transfer, it puts user privacy at risk. HTTP traffic can be easily tracked, and even altered by malicious actors. This article explains how an attacker can switch videos published by TikTok users with different ones, including those from verified accounts,” said the developers on the MYSK blog.