Meta warns 1 million Facebook users who installed password-stealing apps

Meta is warning 1 million Fb customers that their account info might have been compromised by third-party apps from Apple or Google’s shops. In a brand new report, the corporate’s safety researchers say that within the final yr they’ve recognized greater than 400 scammy apps designed to hijack customers’ Fb account credentials.

Based on the corporate, the apps are disguised as “enjoyable or helpful” companies, like picture editors, digital camera apps, VPN companies, horoscope apps, and health monitoring instruments. The apps usually require customers to “Log In with Fb” earlier than they will entry the promised options. However these login options are merely a way of stealing Fb customers’ account information. And Meta’s Director of Menace Disruption, David Agranovich, famous that most of the apps Meta recognized have been barely useful.

“Lots of the apps supplied little to no performance earlier than you logged in, and most supplied no performance even after an individual agreed to login,” Agranovich stated throughout a briefing with reporters.

Meta warns users about scam apps.


Of notice, Meta discovered malicious apps in each Google’s Play Retailer and Apple’s App Retailer, although the overwhelming majority have been Android apps. Apparently, whereas the malicious Android apps have been principally client apps, like picture filters, the 47 iOS apps have been virtually solely what Meta calls “enterprise utility” apps. These companies, with names like “Very Enterprise Supervisor,” “Meta Enterprise,” “FB Analytic” and “Advertisements Enterprise Information,” appeared to be focused particularly at individuals utilizing Fb’s enterprise instruments.

Agranovich stated that Meta shared its findings with each Apple and Google, however that it was finally as much as the shops to make sure the apps are eliminated. Within the meantime, Fb is pushing warnings to 1 million individuals who might have used the apps. The notifications inform customers their account information might have been compromised by an app — it doesn’t title which one — and recommends resetting their passwords.

All merchandise really helpful by Engadget are chosen by our editorial group, impartial of our guardian firm. A few of our tales embody affiliate hyperlinks. In the event you purchase one thing by one in all these hyperlinks, we might earn an affiliate fee. All costs are right on the time of publishing.

Related Articles

Back to top button