Facebook parent company Meta Platforms announced on Friday it would notify around 1 million Facebook users that their login credentials may have been breached due to alleged security issues with apps downloaded from Google’s Play Store and Apple’s App Store.
Meta announced that it has discovered more than 400 malicious iOS and Android apps which could attempt to steal the login information. Furthermore, the company has notified both Apple and Google about the issue – to immediately remove the apps.
Meta said that the apps targeted users by making the app act as photo editors, mobile games or health trackers. Apple claims that 45 out of the 400 malicious apps were on its app store, however- now they have been kicked out from the platform. Whereas, Google’s spokesperson claims to have removed all the malicious apps from the platform.
Meta’s director of global threat disruption, David Agranovich says that cybercriminals know how popular these sorts of apps are – and thus, they will use similar themes to fool people and access their accounts and information. Therefore, if an app is disguising as “too good to be true”, chances are it has “ulterior motives”
For instance, a common fraud might start when a victim posted an altered photo to their Facebook account through a rogue program. The user would be tricked into entering their username and password by a fake login prompt.
In order to prevent being “re-compromised,” Meta committed to share advice with potential victims on how to recognise unreliable apps that steal login information from Facebook or other accounts. According to David, the malicious activity took place outside of Meta systems, and not all 1 million users’ passwords were necessarily exposed.