Meta Platforms Inc. has disclosed that it will alert approximately 1 million Facebook users about potential compromises to their account credentials due to security vulnerabilities linked to apps downloaded from Apple Inc. and Alphabet Inc.’s software platforms.
On Friday, the company revealed that it had identified over 400 malicious Android and iOS apps in the current year designed to target internet users and pilfer their login details. Meta promptly informed both Apple and Google about the issue to facilitate the removal of these apps.
These deceptive apps, posing as photo editors, mobile games, or health trackers, were employed to carry out the unauthorized acquisition of user login information, as stated by Facebook. Apple reported that 45 of the problematic apps were present on its App Store and have since been removed, while Google removed all identified malicious apps.
David Agranovich, Meta’s Director of Global Threat Disruption, warned that cybercriminals often exploit the popularity of such apps, using familiar themes to deceive users and gain access to their accounts and sensitive information. He emphasized that users should exercise caution when encountering apps that promise extraordinary features, as they may have malicious intentions.
The typical scam involved users downloading one of these malicious apps, which then prompted a Facebook login to unlock additional features. Unbeknownst to the users, this action compromised their credentials, allowing the app’s creator unauthorized access to their accounts.
Meta reassured that it would share guidance with potential victims on how to recognize and avoid problematic apps that seek to pilfer credentials for Facebook or other accounts. It clarified that the malicious activity occurred outside of Meta’s systems, and not all 1 million individuals necessarily had their passwords compromised.