Accounts that tend to be hijacked either haven’t been active for a while, or have been taken as part of a large data breach.
Hackers quickly change the password once they’ve hijacked an account, giving them access to your contacts list as well as personal information, such as phone number, birthday and photos.
This could give hackers the perfect opportunity to steal your identity, and trick your friends into thinking you’re still in control of your account.
According to experts speaking to the Sunday Telegraph, websites are selling the accounts in bulk.
This means that a customer could buy thousands of accounts, and use them to make a post trend on Facebook or Twitter.
Speaking to the Sunday Telegraph, an unnamed cyber security expert, said: “You can buy 1,000 accounts and connect them all to each other, then drop a story into the internet relating to what you know the people you’re trying to reach respond to.
“You get the 1,000 accounts to all retweet that post. Suddenly you have a story which has 1,000 shares.”
In response to the investigation, Facebook said it is ‘working with law enforcement’ to investigate the issue, while Twitter said it “strictly prohibits” the buying and selling of accounts and that anyone who buys accounts or followers is “often purchasing fake or hacked accounts”.
Experts are now calling for the websites selling hijacked accounts to be shut down.
The Information Commissioner’s Office (ICO) has also said it will look into the websites uncovered by the investigation.