YouTube tutorials on how to hack profiles
GOOGLE is hosting tutorials on how to hijack Facebook accounts using a similar method to the hackers who gained access to the personal data of 50million users, The Sunday Telegraph has learnt.
The step-by-step video guides could still be accessed on YouTube, Google’s popular video streaming website, hours after Facebook revealed the breach.
Experts warned that any number of other hackers, including foreign intelligence agencies, could have accessed people’s accounts continually since July 2017.
Guy Rosen, Facebook’s vice president of product management, told reporters that 50million users – including Mark Zuckerberg, Facebook’s chief executive, and Sheryl Sandberg, its chief operating officer – were confirmed victims of the attack, but that an additional 40million users might have been exposed to similar attacks.
On YouTube, the tutorials – some of which have been deleted by Google – explain how to hack into Facebook profiles by stealing “access tokens”, digital keys which allow users to log in without entering their passwords every time. They have already been watched several thousands of times.
An attacker who has a user’s access token can use their account as if they are that user, from posting in their name to reading through their messages to looking through an archive of what they have “liked” and shared.
Nathaniel Gleicher, Facebook’s head of cyber security policy, told The Telegraph he was “aware of certain videos describing different elements of the attack” and that the company was “looking into these to make sure people’s accounts are protected”.
Facebook admitted that hackers could also use the tokens to access third party apps and websites which allow users to log in via Facebook. Instagram accounts linked to Facebook accounts were also affected.
But Beau Woods, a cybersecurity fellow at the Atlantic Council, said it was likely the vulnerability had already been identified by other attackers in the 14 months since it was introduced.
“I would say that the 50 million is maybe the tip of the iceberg,” he told The Telegraph.