Meta, the parent company of Facebook, is warning 1 million users that their login information may have been compromised by malicious apps.
This year, Meta’s investigations indicate over 400 malicious Android and iOS apps designed to steal its users’ personal Facebook login information, the company said in a blog post on Friday. Meta spokesperson Gabby Curtis confirmed that the company is alerting 1 million users who may have been impacted by the apps.
Meta stated that the apps they discovered were masked as games, photo editors, health and lifestyle services, and other types of apps in order to trick people into downloading them. According to the company, the malicious app would frequently ask users to “login with Facebook” before stealing their username and password.
“This is a highly adversarial space and while our industry peers work to detect and remove malicious software, some of these apps evade detection and make it onto legitimate app stores,” wrote Meta’s Threat Disruption Director David Agranovich, and Malware Discovery and Detection Engineer Ryan Victory.
Meta stated that it had reported the apps to Apple and Google and that it had since been told to remove them. According to Google spokesperson Edward Fernandez, the “apps identified in the report are no longer available on Google Play.” An Apple representative responded but did not comment.
For years, Meta has been inspected for its privacy policies. Following reports that the political consultancy Cambridge Analytica improperly accessed the personal data of millions of Facebook users, the Federal Trade Commission (FTC) approved a $5 billion settlement with Facebook in 2019.