
TikTok for Business accounts targeted with AITM phishing that bypasses MFA

A new phishing campaign is hijacking TikTok for Business accounts using adversary-in-the-middle (AITM) reverse proxy pages - meaning it captures credentials, session cookies, and MFA codes in real time. Victims land on cloned TikTok or Google Careers pages after clicking links that redirect through legitimate Google Storage URLs. The real kicker: most users log in via Google SSO, so one compromise gives attackers both TikTok and Google accounts.

Check
Alert marketing and social media teams who manage TikTok Business accounts.
Affected
Any TikTok for Business account, especially those using Google SSO for login.
Fix
Use hardware security keys (FIDO2) instead of SMS/app-based MFA - AITM kits can't intercept them. Review TikTok account sessions for unauthorized access. Train staff to verify URLs before entering credentials.
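FIDO2 resists AITM relaying because the browser writes the page's real origin into the signed assertion and the authenticator ties the credential to the site's RP ID. The Python below is an added example, not from the original article, showing the relying-party side of those checks; the origin, RP ID, challenge and both sample assertions are constructed assumptions, and signature verification is omitted.

```python
import base64
import hashlib
import json

# Assumed values for illustration; a real relying party uses its own.
EXPECTED_ORIGIN = "https://login.example.com"
EXPECTED_RP_ID = "example.com"

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion(client_data_json, auth_data, challenge):
    """Return a list of failed checks; an empty list means all passed."""
    try:
        cd = json.loads(client_data_json)
    except ValueError:
        return ["clientDataJSON is not valid JSON"]
    if not isinstance(cd, dict):
        return ["clientDataJSON is not an object"]
    errors = []
    if cd.get("type") != "webauthn.get":
        errors.append("unexpected type")
    if cd.get("challenge") != b64url(challenge):
        errors.append("challenge mismatch")
    # The browser, not the page, fills in origin, so a proxy page cannot fake it.
    if cd.get("origin") != EXPECTED_ORIGIN:
        errors.append("origin mismatch")
    if len(auth_data) < 37:
        return errors + ["authenticatorData too short"]
    # Bytes 0..31: SHA-256 of the RP ID the credential was used for.
    if auth_data[:32] != hashlib.sha256(EXPECTED_RP_ID.encode()).digest():
        errors.append("rpIdHash mismatch")
    # Byte 32: flags; bit 0 is User Present.
    if not auth_data[32] & 0x01:
        errors.append("user presence flag not set")
    return errors

def constructed_assertion(origin, rp_id, challenge):
    """Constructed sample of what a browser and authenticator emit for a page."""
    cd = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                     "origin": origin}).encode()
    ad = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (7).to_bytes(4, "big")
    return cd, ad

CHALLENGE = b"constructed-server-challenge-01"
genuine = constructed_assertion(EXPECTED_ORIGIN, EXPECTED_RP_ID, CHALLENGE)
# Same challenge relayed through a lookalike host (constructed, reserved .test TLD).
proxied = constructed_assertion("https://login-example.test", "login-example.test", CHALLENGE)

if __name__ == "__main__":
    print("genuine:", check_assertion(*genuine, CHALLENGE))
    print("proxied:", check_assertion(*proxied, CHALLENGE))
```
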