If you logged in with your Facebook account in one of the malicious apps, your password may have been compromised.
Meta Threat Disruption director David Agranovich reported that until 400 malicious apps stole Facebook users’ login credentials. These apps were available for iPhone and Android, and notification to affected individuals began to arrive via Facebook.
As reported Engadgetthese apps had hardly any functionality, they just asked for login through Facebook to steal user credentials.
Many apps provided little or no functionality before login, and most provided no functionality even after someone agreed to login. David Agranovitch
One million Facebook users at risk
Be careful if you see this alert message on Facebook
The company’s security researchers say that over the past year, they’ve identified over 400 fraudulent claims designed to hack Facebook account credentials. Although most scam apps are for Android, 47 of them were iOS apps which were in the Apple App Store.
Meta warns 1 million Facebook users that their account information may have been compromised by third-party apps from Apple or Google stores. In a new report, security researchers at the company say they have identified more than 400 malicious apps designed to hijack users’ Facebook account credentials over the past year.
According to the company, these applications are disguised as “fun or useful” servicessuch as photo editors, camera apps, VPN services, horoscope apps, and fitness trackers. The apps ask users to “log in with Facebook” before they can log in, and what they were actually doing was stealing user credentials.
If Facebook sends you this message, change your password immediately
Meta-Security Notice. You may have logged into Facebook from a malicious application designed to steal your Facebook account information. To protect your information, we recommend that you secure your account immediately.
Despite possible issues, don’t worry if Meta didn’t send you this notification. Additionally, Apple and Google have confirmed that all applications identified by Meta have already been removed from their respective app stores. Although it is always advisable to change the password from time to time.
