Facebook’s owner, Meta, revealed to reporters last weekend that it would notify one million Facebook users that their login information may have been stolen due to security issues with apps downloaded from Google and Apple’s software stores.
The social media platform announced on Friday that its researchers identified more than 400 malicious Android and iOS apps in 2022 which target internet users in order to steal their account credentials. Meta informed both Apple and Google about the issue in an effort to prevent users’ data from being compromised further. These malicious apps primarily worked by disguising themselves as photo editors, mobile games, or health trackers, Facebook said.
According to Apple, 45 of the 400 problematic apps found on its App Store were removed by the company. Google, on the other hand, said in a report that they removed all of the malicious apps in question.
David Agranovich, Director of Global Threat Disruption at Meta, said, “Cybercriminals know how popular these types of apps are and use these themes to trick people and steal their accounts and information. If the login information is stolen, attackers could potentially gain full access to a person’s account and do things like message their friends or access private information.”
Additionally, he explained how Facebook users can secure their accounts if they already have any of these harmful apps downloaded on their devices. Agranovich added, “If you believe you’ve downloaded a malicious app and have logged in with your social media or other online credentials, we recommend that you delete the app from your device immediately and follow the following instructions to secure your accounts.”
The instructions that Agranovich listed for users to protect their accounts included resetting and creating strong, unique passwords, enabling two-factor authentication (preferably with an authenticator app), turning on log-in alerts for when someone tries to access your account, and reporting any malicious applications to Facebook through its Data Abuse Bounty program.