According to Meta Platforms Inc, due to security flaws with apps downloaded from Apple Inc and Alphabet Inc's app stores, around 1 million Facebook users may have had their account credentials stolen.
As per a statement released this Friday (October 7), Meta identified over 400 malicious Android and iOS apps that target internet users to steal their login information. The company stated that it notified both Apple and Google of the problem to facilitate the removal of the apps.
All Malicious Apps In Question Removed
As per The Indian Express, Apple stated that 45 of the 400 problematic apps were previously available on its App Store before being removed. According to a Google spokesperson, all of the malicious apps in question were removed.
Meta's director of global threat disruption, David Agranovich, stated, "Cybercriminals know how popular these types of apps are, and they'll use similar themes to trick people and steal their accounts and information."
He added, "If an app is promising something too good to be true, like unreleased features for another platform or a social media site, chances are that it has ulterior motives."
Meta To Share Advice On Avoiding 'Re-Compromise'
For example, a typical scam would unfold after a user downloaded one of the malicious apps. Beyond basic functionality, the app would require a Facebook login, duping the user into providing their username and password. Users could upload an edited photo to their Facebook account, for example. However, they unknowingly compromised their performance by granting the app's author access.
Meta stated that it would share tips with potential victims on avoiding being "re-compromised" by learning to spot problematic apps that steal credentials, whether for Facebook or other accounts. The malicious activity occurred outside of Meta systems, according to Agranovich, who added that not all 1 million people's passwords were necessarily compromised.
Also Read: Delhi Officials Not On Same Page On Revocation Of Mask Mandates & Fines, Reveals Document