1M+ Facebook Users’ Login Credentials Could Have Been Stolen By Fraudulent Apps, Meta Warns

Meta has recently issued a warning to about a million of its Facebook users, alerting them to a security incident that might have compromised the integrity of their login information. The company’s security researchers say that, in the past year, they have discovered over 400 fraudulent apps either specifically designed to hijack Facebook user credentials or simply capable of doing so when in the wrong hands.

The majority of the malicious apps identified were built for Android devices, but 47 of them were iOS apps found in the Apple App Store catalog. In the case of Google Play Store apps, these were mainly software programs aimed to entertain or provide valuable functionality to users like VPN clients, fitness trackers, astrology software, photo editors, and others. At the same time, a big chunk of fraudulent iOS products was related to managing business pages or ads.

How these applications stole users’ personal information was pretty straightforward: luring people with fake reviews and the promise of exciting new features, they urged customers to “Log in with Facebook,” providing their Facebook account information to app developers. While some of the exposed software programs did what was promised to the user, an ample amount of them was practically non-functional, further proving that their creators likely pursued ulterior motives.

After receiving a heads-up from Meta, both Apple and Google deleted the malicious software from their respective stores. However, neither platform has commented on the situation to explain what will be done to prevent such apps from successfully passing the app control process in the future.

Were you among those who received a warning from Facebook? Do you know what to do if your social media account information is compromised? Speak up in the comments below!