Meta warns 1 million potential victims about stolen login credentials

Meta notified roughly one million Facebook users about login credentials that may have been stolen. According to the social media giant, the victims downloaded malicious apps through the Apple App Store and Google Play Store, after which their login credentials were captured.

Roughly 400 rogue applications, emphatically mentioned in a blog post, were allegedly used to capture victims’ login credentials. Meta notified Apple and Google about the apps in question. Apple told Bloomberg that 45 of the 400 apps could be downloaded through the App Store, with the remaining applications to be offered in the Play Store. All apps mentioned by Meta have since been removed from their respective virtual app platforms.

Almost 43 percent of the cases involved photo editing apps that supposedly allowed users to edit photos or turn themselves into a character. In many cases, they would be asked to log in through Facebook for more features. In this way, criminals were able to obtain the login credentials of the slaughter victims. VPNs, games and help apps such as flashlights are also said to be common among malicious applications.

A Meta employee tells Bloomberg, “Cybercriminals know how popular such apps are and use similar concepts to trick people into stealing login credentials. If an app is too good to be true, for example if it promises unreleased features for other platforms or social media, chances are there is malicious intent involved.”

Meta rogue apps
Meta rogue apps

Examples of some applications found by Meta with fake ‘Facebook’ login buttons. Image via Meta


Inschrijven voor onze nieuwsbrief

* indicates required

Selecteer op welke manier we u mogen contacteren:

U kunt op ieder moment zich uitschrijven op onze emails door op de link te klikken in de voet van onze emails. Voor meer informatie omtrent privacy, bezoek onze website.

Wij gebruiken Mailchimp als ons marketing platform. Door onderaan op inschrijven te klikken stem je toe dat uw emailadres zal worden doorgegeven aan mailchimp om te verwerken. Lees hier meer over Mailchimp's verwerking van privacy data.