Facebook Issues a Warning to 1 Million Users Concerning Password and Username Theft

According to Meta Platforms, it will inform about 1 million Facebook users that their login information may have been stolen due to security flaws in apps downloaded from Apple and Alphabet’s app stores.

Facebooks_d

The business said on Friday that it had discovered over 400 nefarious Android and iOS applications this year that preyed on internet users to steal their login credentials. According to Meta, it alerted both Apple and Google to the problem to expedite the removal of the apps.

According to Facebook, the applications functioned by passing themselves off as mobile games, picture editors, or fitness monitors.

Faceboo k_

Apple said 45 of the 400 problematic apps had been taken down from the App Store. According to a representative, Google uninstalled all fraudulent applications in the issue.

Cybercriminals will employ similar themes to dupe users and steal their accounts and information since they are aware of how popular these kinds of applications are, according to David Agranovich, director of global threat disruption at Meta. An app likely has hidden agendas if it makes unrealistic promises, such as complete functionality for another platform or social networking site.

facebook_

For instance, a typical fraud would start once a consumer downloaded one of the harmful apps. The user would be tricked into supplying their username and password since the software would need a Facebook connection to do any tasks that went beyond the bare minimum. After that, users might submit an updated photo, for instance, to their Facebook account. But by granting the app’s creator access, they unintentionally compromised their account.

To prevent being “re-compromised,” Meta committed to advising potential victims on recognizing unreliable applications that steal login information from Facebook or other accounts.

FB_d

According to Agranovich, the malicious activity occurred outside of Meta systems, and not all 1 million users’ credentials were necessarily exposed.