How does it work?
A cybercriminal instructs users to visit a profile link, which is either a shortened URL or a direct link to the destination site. Their profile image is then changed to a photograph of a woman and then attackers upload photographs, which are often sexually suggestive.
Interestingly, they do not delete any images uploaded by the account owner.
While it cannot be confirmed as to how accounts were compromised, Norton by Symantec suspect that weak passwords and password reuse are the cause, especially since over 600 million passwords have surfaced in 2016 from breaches affecting other sites.
For more information, you can read the official blog post here.