Meta Platforms has informed approximately 1 million Facebook users of a potential data breach due to security issues with third-party apps downloaded from Apple and Alphabet online stores.
Experts noted that malefactors got access to personal data of users. Third-party applications forced users to leave their username and password to log into their Facebook account.
How did it work?
Fraudsters create applications disguised as, for example, photo editors. Once uploaded, users are prompted to create an account using the “Login with Facebook” feature. As soon as the user enters login data, the malware remembers them, after which the attackers get full access to accounts on the social network and a bonus to other services where the user uses the same login and password.
This year, the company’s security service has identified more than 400 malicious applications for Android and iOS, notes NIX Solutions. Of these, 355 worked on smartphones with the Android operating system, and 47 on iOS. About 40% of the apps were disguised as photo editors, with the rest falling into the categories of games, lifestyle, business, and VPN.
Meta noted that Apple and Google have been made aware of the issue. In turn, Apple and Google reported that they removed all the malicious applications in question.
Users have been advised to be wary of apps that offer to set up an account by signing in with Facebook.