TIME Business facebook

Facebook Is Warning 1 Million Users About Stolen Usernames, Passwords

Facebook-stolen-usernames-passwords
Chris Delmas—AFP/Getty Images This illustration photo shows the Facebook logo on a smartphone in front of a computer screen in Los Angeles on August 12, 2021.

The malicious apps worked by disguising themselves as photo editors, mobile games or health trackers, Facebook said

Meta Platforms Inc. said it would notify roughly 1 million Facebook users that their account credentials may have been compromised due to security issues with apps downloaded from Apple Inc. and Alphabet Inc.’s software stores.

The company announced Friday that it identified more than 400 malicious Android and iOS apps this year that target internet users in order to steal their login information. Meta said it informed both Apple and Google about the issue in order to facilitate removal of the apps.

Read More: What Mark Zuckerberg Revealed About His Metaverse Plans

The apps worked by disguising themselves as photo editors, mobile games or health trackers, Facebook said.

Apple said 45 of the 400 problematic apps were on its App Store and have been removed. Google removed all the malicious apps in question, a spokesperson said.

“Cybercriminals know how popular these types of apps are, and they’ll use similar themes to trick people and steal their accounts and information,” said David Agranovich, director of global threat disruption at Meta. “If an app is promising something too good to be true, like unreleased features for another platform or social media site, chances are that it has ulterior motives.”

A typical scam would unfold, for example, after a user downloaded one of the malicious apps. The app would require a Facebook login to work beyond basic functionality, thus tricking the user into providing their username and password. Users could then, for example, upload an edited photo to their Facebook account. But in the process, they unknowingly compromised their account by giving the author of the app access.

Read More: Meta’s Facebook Algorithms ‘Proactively’ Promoted Violence Against the Rohingya, New Amnesty International Report Asserts

Meta said it would be sharing tips with potential victims on how they can avoid being “re-compromised” by learning how to better spot problematic apps that pilfer credentials, whether for Facebook or other accounts. The malicious activity occurred off Meta systems, Agranovich said, adding that not all 1 million people necessarily had their passwords compromised.

(Updates with details in the sixth paragraph on how malicious apps behaved)

Tap to read full story

Your browser is out of date. Please update your browser at http://update.microsoft.com

YOU BROKE TIME.COM!

Dear TIME Reader,

As a regular visitor to TIME.com, we are sure you enjoy all the great journalism created by our editors and reporters. Great journalism has great value, and it costs money to make it. One of the main ways we cover our costs is through advertising.

The use of software that blocks ads limits our ability to provide you with the journalism you enjoy. Consider turning your Ad Blocker off so that we can continue to provide the world class journalism you have become accustomed to.

The TIME Team