Meta Platforms Inc. announced that it will warn around 1 million Facebook users that their account credentials may have been hacked as a result of security concerns with apps downloaded from Apple Inc. and Alphabet Inc.’s software stores.
This year, the business found more than 400 malicious Android and iOS applications that target internet users in order to steal their login information, according to a statement released on Friday. Meta stated that it notified both Apple and Google of the problem in order to expedite the removal of the apps.
According to Facebook, the applications disguised themselves as picture editors, mobile games, or fitness monitors.
Apple stated that 45 of the 400 problematic apps were available on the App Store and had since been deleted. According to a Google spokesman, all of the fraudulent applications in issue were uninstalled.
“Cybercriminals are aware of how popular these sorts of applications are, and they will utilise similar themes to dupe customers and steal their accounts and information,” said David Agranovich, Meta’s director of global threat disruption. “If an app promises anything that appears to be too good to be true, such as unreleased features for another platform or social media site, chances are it has ulterior objectives.”
For example, a typical fraud might develop once a consumer downloaded one of the rogue applications. Beyond basic functioning, the software would require a Facebook connection, duping the user into supplying their username and password. Users might then post a modified photo to their Facebook account, for example. However, they unwittingly compromised their account by granting the app’s author access.
Meta stated that it will provide recommendations with future victims on how to prevent being “re-compromised” by learning how to detect problematic applications that steal passwords, whether for Facebook or other accounts. The illegal behaviour happened outside of Meta systems, according to Agranovich, who added that not all 1 million people’s credentials were necessarily stolen.
