Meta Warns 1M Facebook Users Their Login Info Might Be Compromised

The Washington Post reported that Facebook parent Meta is warning 1 million users that their login information may have been compromised through malicious apps.

According to The Washington Post, Meta’s researchers found more than 400 malicious Android and Apple iOS apps this year that were designed to steal the personal Facebook login information of its users, the company said Friday in a blog post. Meta spokesperson Gabby Curtis confirmed that Meta is warning 1 million users who may have been affected by the apps.

Meta said the apps they identified were listed in Apple’s App Store and Google Play Store as games, photo editors, health and safety lifestyle services and other types of apps to trick people into downloading them. Often the malicious app would ask users to “login with Facebook” and later steal their username and password, according to the company.

Meta posted information titled “Protecting People From Malicious Account Compromise Apps” in Meta’s Newsroom. Here is some of what Meta found:

Our security researchers have found more than 400 malicious Android and iOS apps this year that were designed to steal Facebook login information and compromise people’s accounts. These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them. Some examples include:

  • Photo editors, including those that claim to allow you to “turn yourself into a cartoon”
  • VPNs claiming to boost browsing speed or grant access to blocked content or websites
  • Mobile games falsely promising high-quality 3D graphics
  • Health and lifestyle apps such as horoscopes and fitness trackers
  • Business or ad management apps claiming to provide hidden or unauthorized features not found in official apps by tech platforms.

Meta’s post included a pie chart that shows the categories of the malicious apps: 42.6% were photo editor apps, 15.4% were business utility apps, 14.1% were phone utility apps, 11.7% were game apps, 11.7% were VPN apps, and 4.4% were lifestyle apps.

Meta also stated that malware apps often have telltale signs that differentiate them from legitimate apps. Here are a few things to consider before logging into a mobile app with your Facebook account:

  • Requiring social media credentials to use the app: Is the app unusable if you don’t provide your Facebook information? For example, be suspicious of a photo-editing app that needs your Facebook login and password before allowing you to use it.
  • The app’s reputation: Is the app reputable? Look at its download count, ratings and reviews, including the negative ones.
  • Promised features: Does the app provide the functionality it says it will, either before or after logging in?

I stopped using Facebook a long time ago. Back then, the worst thing that could happen to a person who played games on Facebook was that their strawberries would rot before they could tend them in FarmVille. I cannot help but wonder if the simplicity of the Zynga games that were on early Facebook made people presume that all apps on Facebook were safe.