Several users on social media are reporting that their TikTok accounts are being hacked into. More than that, these users claim that the bad actors are making several expensive purchases using connected payment methods, including Touch n’ Go eWallet and Atome.
According to X user Arisha Rozaidee, after accessing her account, the hacker paid for several purchases on TikTok Shop using the TnG eWallet connected to the TikTok account, which was also linked to the user’s credit card. In regards to getting a refund for these fraudulent purchases, she said that Maybank and TnG have passed the buck, while TikTok’s support team has yet to respond to her complaint.
My tiktok account was hacked, scammer paid for purchases using TnG ewallet linked to my Maybank credit card.
Maybank says it’s a TnG problem, TnG says it’s a Tiktok problem, Tiktok support has ignored me for a week now.
I’m *this* close to making it everyone’s problem.
— Arisha Rozaidee (@ArishaRozaidee) November 11, 2024
Meanwhile, Thread user yaya.ekraf claims that she experienced similar fraudulent charges on TikTok Shop through her Atome account, which was linked to her debit card. She states that she has reported the incident and is currently waiting for Maybank to finish its investigation into the matter, while Atome has declined to provide a refund as it was done through her TikTok account.
Adding to the numerous reports from social media users, this writer’s own girlfriend was also a victim of the hack. The perpetrator had made several purchases on TikTok Shop to an address in Negeri Sembilan, and on top of that, it is likely that the seller accounts were owned by the hackers as the purchases mostly comprised of erasers listed at RM100 each.
The purchases were made through the connected TnG eWallet account with a linked debit card, but luckily, all the orders were automatically cancelled due to insufficient funds. These seller accounts have now been disabled, but the platform shows that the account still managed to “sell” hundreds of items before going offline.
When we checked the “Manage Devices” section under TikTok’s security settings, we found there were three unknown Android smartphones that logged into the account within the same day. We were able to remove these devices. Additionally, we found that two-factor authentication (2FA) had been activated and the email was set to the hacker’s email — previously, this account did not have 2FA enabled.
For now, it is unclear how the perpetrators managed to get access to so many Malaysians’ TikTok accounts. As a precautionary measure, you should make sure to activate the app’s 2FA feature and remove any unknown devices logged into the account.
Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news.
