Facebook: 1 million users have credentials compromised


Last Updated on: 8th October 2022, 08:11 am

There are around one million Facebook users whose usernames and passwords may have been compromised due to security issues in app stores.


Meta Platforms Inc. promised to notify roughly 1 million Facebook users whose account credentials it believes may have been compromised due to “security issues” with apps that mobile users downloaded from Apple Inc.’s and Alphabet Inc.’s software stores.

The social media giant announced on its official website that it had found “more than 400 malicious Android and iOS apps” in 2022. These apps targeted internet users in order to phish their login credentials. The company said in its post that it has alerted both Apple and Google regarding the possible removal of these apps.


How to know if you are a victim of the security breach in Facebook

“Our security researchers have found more than 400 malicious Android and iOS apps this year that were designed to steal Facebook login information and compromise people’s accounts. These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps and other utilities to trick people into downloading them.”

David Agranovich, Director, Threat Disruption and Ryan Victory, Malware Discovery and Detection Engineer of Facebook Meta

Mobile app users are the primary target of this security issue. The first thing to check is whether you have recently downloaded an app from your mobile app store that falls under the list posted by Meta, which the company has confirmed as the likely reasons account credentials were compromised. The list is as follows:

  • Photo editors, including those that claim to allow you to “turn yourself into a cartoon”
  • VPNs claiming to boost browsing speed or grant access to blocked content or websites
  • Phone utilities such as flashlight apps that claim to brighten your phone’s flashlight
  • Mobile games that falsely promise high-quality 3D graphics
  • Health and lifestyle apps such as horoscopes and fitness trackers
  • Business or ad management apps that claim to provide hidden or unauthorized features not found in official apps by tech platforms


How these apps got your account compromised

The developers of these apps are getting creative. They make the apps look legitimate in several ways, such as posting reviews on the app store as if someone had really downloaded and used the app. An app will carry a number of these reviews to build trust among people who are considering downloading it. The apps vary from seemingly innocent photo-editing applications to more professional-looking applications that promise certain benefits to users who download them.

“When a person installs the malicious app, it may ask them to “Login With Facebook” before they are able to use its promised features. If they enter their credentials, the malware steals their username and password.”

Meta

The first red flag that an app may be stealing your credentials is that it asks you to “Login With Facebook” through links that redirect you to the login page of the platform. Another red flag is that the app itself is unusable unless you go through the login page.

What to do to prevent this and what to do if you’re already a victim

If you still remember the application or applications you downloaded that asked you to log in to the Facebook page, make sure to uninstall them from your device. Here are the instructions for Apple users. Here are the instructions for Android users. Once you have wiped them from your device, go to the Facebook app or website and reset your password. Here are the instructions on how to reset your Facebook password.

Note that when you reset your password, you will also be asked whether you want to log out of all the other devices you are currently logged into. You can say yes to this and then log back in on the devices you are currently using. To prevent someone else from logging back in with the new credentials, you can enable two-factor authentication, preferably using an Authenticator app, to add an extra security layer to your account.

With this enabled, before someone can log in to your account, they will also need to enter a code that is sent either to your email address or as an SMS to your mobile number. Without the code, they will not be able to log in to your account.