Facebook Warns 1 Million Users About Stolen Passwords & Usernames By Malware Apps

Meta has warned at least 1 million Facebook users that their passwords and usernames may have been stolen by third-party apps downloaded from both the App Store and Google Play.

Facebook said 400 apps disguised as photo editors, games, and utility services like flashlight apps stole users’ information after asking them to log in through Facebook.

On October 7, the company released a report detailing its discovery of more than 400 malicious apps “designed to steal Facebook login information and compromise people’s accounts.”

All the fake apps, which were discovered over the last year, were disguised as photo editors, virtual private networks that claimed to increase browsing speeds and give access to blocked websites, mobile games, and health and lifestyle trackers. Some claimed to be able to turn the user’s face into a cartoon, while others offered horoscopes. All of the apps made it past Apple’s and Google’s security and onto their respective app stores.

To stay safe, Facebook suggests reading all reviews and being “suspicious” of any app that requires users to sign in with their Facebook account before allowing them to use it.

Many legitimate apps offer the same features or may ask you to “sign in with Facebook” safely and securely. However, something may be wrong if signing in with Facebook is the only option. Check whether the app performs any of its advertised functions. Many of the troublesome apps did not work before signing in to Facebook and remained inactive even after signing in.

According to David Agranovich, Meta’s Director of Threat Disruption, the company shared its findings with both the App Store and Google Play, but the decision to remove the apps is up to them. Engadget reported on October 7 that both hosts had removed all apps identified by Meta.

What to do if you’ve downloaded a malware app:

Along with a list of the malware apps, Facebook has recommended that users delete such apps from their phones and immediately reset their login information. It also suggests enabling two-factor authentication and turning on log-in alerts to be notified if anyone tries to access your account.