Video tutorials are being hosted on YouTube showing hackers how to hijack Facebook accounts using a tactic which led to 50 million users having their personal data compromised.
Facebook said yesterday they had discovered a data breach in which hackers had stolen ‘access tokens’ to force their way into tens of millions of accounts.
Videos teaching hackers how to steal the digital tokens had been watched thousands of times on YouTube, which is owned by Google.
Some of them were still online even hours after the data breach was revealed, the Daily Telegraph reported.
Facebook said yesterday they had discovered a data breach in which hackers had stolen ‘access tokens’ to force their way into tens of millions of accounts
Facebook’s head of cyber security said the company was ‘aware of certain videos describing different elements of the attack’.
The social media giant was ‘looking into these to make sure people’s accounts are protected,’ he said.
Facebook users were earlier warned to be vigilant by cyber security watchdogs after it emerged the tech giant had suffered a security breach affecting 50 million users.
In a post on the social network’s news site, Facebook vice president of product management Guy Rosen said the breach had been discovered on Tuesday.
The attack could have given the hackers access to other apps if a user had logged into them using their Facebook name and password, he said.
Mr Rosen said: ‘Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted ‘View As’, a feature that lets people see what their own profile looks like to someone else.
‘This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.
‘Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.’
While some accounts have been automatically logged out, no one needs to change their passwords, the firm said.
It has reset the access tokens of the hacked accounts, as well as another 40 million accounts that have been subject to a ‘View As’ look-up in the last year.
A screen grab taken from Facebook of a warning message sent to users after the social network said it had recently discovered a security breach affecting nearly 50 million users