Meta has warned 1 million Facebook users that their account information, including usernames and passwords may have been stolen by third-party apps from Apple or Google’s respective app stores.
In a new report, the company’s security researchers have announced that in the last year, they’ve identified more than 400 fraudulent apps designed to steal Facebook account credentials, including usernames and passwords.
According to the company, the apps are disguised as “fun and useful” services, including photo editors, camera apps, VPN services, horoscope apps, and fitness tracking tools.
These apps usually provide little to no functionality and require users to login with their Facebook account in order to access the promised features.
Meta’s Director of Threat Disruption, David Agranovich, said that most of the apps Meta identified remained barely functional even after the user agreed to login with their Facebook ID.
The majority of these apps were found in Google’s Play Store disguised as something fun and useful, including photo editors and filers, while the 47 iOS apps were almost exclusively what Meta calls “business utility” apps with names like “Very Business Manager,” “Meta Business,” “FB Analytic” and “Ads Business Knowledge,”
Meta shared the findings with both Apple and Google, who have removed the apps from their respective stores.