After avoiding the TikTok craze for the past five years, I decided to join in two months ago and opened an account for work purposes to follow the profile recently launched by Euronews.
I used my phone number to sign up as it was new and hadn’t been used before and was pretty much the least personal information I cared about.
The platform sent me a login code via SMS. After logging in, I gave Euronews a thumbs up, scrolled through a few videos on the site, and then forgot about my account for a month or so.
The registration and login process was very easy. Maybe a little too easy.
A few weeks later, when I logged into my account, my profile name was different, I had posted five cat videos, and I was friends with someone named “Cookies Galaxy.”
How was this possible? It appeared that I was logged into someone else’s account.
How did this happen?
According to TJ Sayers, Cyber Threat Intelligence Manager at the CIS Center for Internet Security, this is a fairly common problem.
“It’s a circumstantial thing where someone will get a new number and move from an old phone number, and the mobile provider moves that number to someone else,” he told Euronews Next.
I had access to the personal information of the account holder (who appeared to have been inactive since 2020), including a list of comments he had made, all of his likes, as well as his direct messages and email address.
“It looks like what happened is that maybe the person’s account that I logged into didn’t have any additional security steps (besides the phone number) when they created their account,” he further explained.
While my “hack” was accidental, malicious attempts to obtain phone numbers have flourished with the rise in popularity of cryptocurrencies in 2019, according to the cyber expert. Hackers have increasingly tried to take over citizens’ phone numbers in order to control bank accounts, including digital wallets.
“Some people are actively trying to compromise phone numbers and email addresses in order to gain access to citizens’ bank accounts,” Sayers said.
There are two ways to take over someone’s number, known as a “SIM swap”. The harder version involves gaining control of the person’s physical SIM card, while the softer version involves impersonating the number’s owner using information, such as the person’s date of birth or address, that is openly available online.
“People don’t even think that when they post things on social media, they can be used by an attacker,” Sayers said, adding, “what scammers will do is social engineer a customer service agent to port your number to their device.”
What can I do to secure my account?
A PIN code is enough to prevent the SIM card from being hijacked instantly, forcing attackers to put in more effort to get your phone number.
For TikTok, the most straightforward solution is to avoid signing up with your phone number. In addition, you can also set up two-factor authentication (2FA), an additional security element built on top of your regular password. TikTok is still testing this, but 2FA is already in use at other social media companies, such as Instagram.
However, experts recommend that people who use 2FA refrain from receiving their codes via text message, as hacking can happen even at this stage.
Euronews reporter Aylin Elci logged into her account only to discover that she had logged into someone else’s account.
“When 2FA or multifactor came out, the predominant place was to get the code via text message or get it via email. Unfortunately, the threat landscape has evolved significantly and text messages are no longer the best practice for receiving authentication codes,” he added.
“Email is a good option, but even better is having some form of an app on your phone. So like Google Authenticator, Microsoft Authenticator or Authy,” said Sayers.
While authenticators are readily available, companies such as Twitter are moving away from text, according to Sayers.
“It’s not really another technological leap that we need. It is more of a next step of adoption. We’re still way behind the curve with trying to wean people off texting,” he said.
Meanwhile, physical security keys like the YubiKey, which must be inserted into a computer to authenticate and are considered the most secure authentication technology currently available, are becoming more widespread.
“Certainly, we’re going to see threat actors evolve and they’re going to start trying to attack those other new methods and then new technology is going to come out,” Sayers warned, adding that the damage a person can suffer will depend on usage.