Meta Platforms Inc. reveals that it would notify one million Facebook users that their account credentials may have been compromised due to security issues with apps downloaded from Alphabet Inc. and Apple Inc.’s software stores.
The social media platform announced on Friday that it identified more than 400 malicious Android and iOS apps this year which target internet users in order to steal their login credentials. Meta has informed both Apple and Google about the issue in order to prevent users’ data from further being compromised. These harmful apps work by disguising themselves as photo editors, mobile games or health trackers, Facebook stated.
According to Apple, 45 of the 400 problematic apps were on its App Store and they have been removed. Google removed all the malicious apps in question, as per a report.
David Agranovich, Director of Global Threat Disruption at Meta, said, “Cybercriminals know how popular these types of apps are and use these themes to trick people and steal their accounts and information. If the login information is stolen, attackers could potentially gain full access to a person’s account and do things like message their friends or access private information."
Moreover, he explained how users can secure their accounts in case they have already downloaded such apps. Agranovich said, “ You believe you’ve downloaded a malicious app and have logged in with your social media or other online credentials, we recommend that you delete the app from your device immediately and follow the following instructions to secure your accounts."
Malicious developers create malware apps disguised as apps with fun or useful functionality — like cartoon image editors or music players — and publish them on mobile app stores.
Here are the instructions to safeguard your accounts:
Reset and create new strong passwords. Never reuse your password across multiple websites.
Enable two-factor authentication, preferably using an Authenticator app, to add an extra security layer to your account.
Turn on log-in alerts so you’ll be notified if someone is trying to access your account. Be sure to review your previous sessions to ensure you recognize which devices have access to your account.
It is also encouraged to report malicious applications that compromise Meta accounts to us through our Data Abuse Bounty program.