The personal data of at least 1 million Facebook users could have been stolen by certain apps on Apple and Android, the platform’s owner, Meta, has warned.
Around 400 malicious applications, distributed through Google Play and the App Store, have been stealing people’s login information, the company’s security team said on Friday.
They posed as harmless tools such as photo editors, games, VPN services, and other things to lure users into downloading them. The apps then asked people to ‘log in with Facebook’ and forwarded their usernames and passwords to the perpetrators as soon as they were entered.
This data could potentially be used by the attackers to gain full access to people’s accounts and send messages to their friends lists or obtain private information.
Meta has said it was not aware of the exact number of users affected, as this information is known to Apple and Google.
The company is “being kind of deliberately overcautious and notifying about 1 million users across our entire platform that they may have been exposed to applications like this,” Meta’s director of threat disruption, David Agranovich, stated.
“That doesn’t mean that they were compromised, just that we think that they may have been exposed to one of these applications,” he added.
Google and Apple say they have already removed the apps mentioned in Meta’s report.
Apps sold through their online stores are carefully vetted, but some malicious software still makes it through. Meta has advised users to be cautious and carefully examine what they download.
“If a flashlight application is requiring you to log in with Facebook before it gives you any flashlight functionality, it’s probably something to be suspicious of,” Agranovich said. -RT
