TikTok account accessed by unknown device — no 2FA enabled, but email has 2FA. Could it be a code interception?
Hi everyone,
I recently discovered by chance that an unknown device logged into my TikTok account. I did not have two-factor authentication (2FA) enabled on TikTok itself, but my email account does have 2FA.
The strange part is that I don’t think the attacker used my email, since that would’ve required passing 2FA. It seems more like they got access through a login code sent by SMS — similar to what happened in the past with some Telegram account breaches where attackers intercepted codes.
Article by u/desktopecho
The intruder didn’t change my password, didn’t remove my email or phone number. They just followed a few accounts, then I changed the password and deleted the account myself.
I’m confused why they didn’t take full control — maybe they couldn’t? Maybe they were testing access first?
Has anyone experienced something similar on TikTok? Could it be that login codes are getting intercepted somehow, even without full email access?
