ADVERTISEMENT

Hackers are hijacking TikTok business accounts to steal credentials in real time

Hackers are hijacking TikTok business accounts using phishing kits that bypass 2FA and steal credentials in real time. Researchers say Google logins make the attacks even more dangerous.

TikTok for Business

image by IB Photography | Shutterstock

Stefanie Schappert
Stefanie Schappert Senior Journalist
Mar 27, 2026 Updated: 1 April 2026 3 min read
Key takeaways:
tiktok phish fake page
fake TikTok for Business-themed page. Image by Push Security
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.

Fake TikTok pages hide a more dangerous attack

tiktok phish fake google page
Fake Google themed-career page. Image by Push Security
  • A TikTok for Business cloned page
  • A Google careers “Schedule a call” cloned page
ADVERTISEMENT
tiktok phishing campaign
Attackers replaced the TikTok login button with a Google login button. Image by Push Security

Phishing domains registered within seconds

tiktok phish naming convention
All phishing pages follow a common naming convention. Image by Push Security
TikTok phish attack timeline
Attackers can hijack accounts even when multi-factor authentication is enabled, Image by Push Security

What users should watch for

Check if your data has been leaked

Find out if your email, phone number or related personal information might have fallen into the wrong hands.
18,611,353,922
Breached accounts
36,030
Breached websites

ADVERTISEMENT