Facebook has issued a warning after one million users’ passwords and usernames were stolen. The problem stems from security issues with various apps downloaded from iOS and Android.
Facebook has allegedly identified 400 malicious apps on Android and iOS that targeted users to steal vital login information.
The social media platform noted it will have to notify close to 1 million users about their compromised account status.
Facebook alerted Android and iOS about suspicious Apps
Meta has alerted the respective proprietors of iOS and Android, Apple Inc. and Alphabet Inc. and informed both of the removal of the suspicious apps from their stores.
David Agranovich, director of global threat disruption at Meta said, “Cybercriminals know how popular these types of apps are, and they’ll use similar themes to trick people and steal their accounts and information.”
“If an app is promising something too good to be true, like unreleased features for another platform or a social media site, chances are that it has ulterior motives,” Agranovich added.
How malicious apps steal usernames and passwords
Hackers disguised the malicious apps as games, photo editors, lifestyle services, VPN services, business apps and other utilities. By doing so, they were able to trick people into downloading them.
The company said that stolen login information could provide attackers with full access to users private account information and friends.
A majority of the iOS apps posed as ads manager tools for Meta and its Facebook subsidiary.
Evidently, the operators of the scheme also published fake reviews meant to offset negative ones left by users who may have downloaded the apps.
The disclosure also comes as Meta-owned WhatsApp files a lawsuit against three companies based in China and Taiwan for allegedly enticing over a million users through misinformation into compromising their own accounts. They allegedly did so by distributing ‘bogus versions’ of the messaging app.
It is therefore essential to exercise caution before downloading apps and granting access to Facebook to access the promised functionality. This includes scrutinizing app permissions and reviews, and verifying the authenticity of the app developers.
As a precautionary measure, Facebook will share tips on how to identify suspicious apps and spot problematic ones better.
Facebook has faced many challenges over the past few years concerning the theft of its users private date. In April 2021, the social media giant had to notify over 530 million users that their personal data had been lifted in a security breach. The hackers posted users phone numbers, full names, locations, some email addresses, and other details on an amateur hacking forum.