⤠Facebook security warning for 1M users: Scam apps stole login credentials
Meta has issued a Facebook security warning to around one million users that their login credentials may have been stolen by scam apps.
While most of the apps were Android ones, 47 of them were iOS apps found in Appleâs App Store âŚ
Many apps and websites offer third-party login options, with the most common ones being:
- Login with Facebook
- Login with Google
- Login with Apple
The intention behind these login methods is to make it quicker and easier to start using an app, by skipping the need to register an account. However, a bad actor can also use this approach to steal your credentials.
Engadget reports that this is what a whole bunch of scam apps have done with the âLogin with Facebookâ option.
Meta is warning 1 million Facebook users that their account information may have been compromised by third-party apps from Apple or Googleâs stores. In a new report, the companyâs security researchers say that in the last year theyâve identified more than 400 scammy apps designed to hijack usersâ Facebook account credentials.
According to the company, the apps are disguised as âfun or usefulâ services, like photo editors, camera apps, VPN services, horoscope apps, and fitness tracking tools. The apps often require users to âLog In with Facebookâ before they can access the promised features. But these login features are merely a means of stealing Facebook usersâ account info. And Metaâs Director of Threat Disruption, David Agranovich, noted that many of the apps Meta identified were barely functional.
Facebook security warning
If you have used one of the known scam apps, Meta will push a message to you in the Facebook app:
A security notice from Meta
You may have logged into Facebook from a malicious app designed to steal your
Facebook account information.To protect your information we recommend you secure your account immediately.
The site says that the iOS apps identified mostly appeared to be targeting business users, with names like Meta Business, FB Analytic, and so on.
Meta has provided the full list of apps to both Apple and Google, so that they can be removed from their respective app stores.
Apple of course argues that its app review process keeps users safe from scams, and this is why it shouldnât be obliged by antitrust concerns to allow third-party app stores or sideloading of iOS apps.
This latest revelation could be said to provide ammunition to both sides of the debate. On the one hand, dozens of scam apps made it through app review despite the fact that (a) they were stealing credentials and (b) scarcely worked. On the other, there were far fewer of these apps in the App Store than in Googleâs Play Store.