Hundreds Of Apps Stole Login Credentials From Facebook Users, Meta Says

Hundreds of apps have stolen numerous Facebook passwords over the last year, according to a report released by Meta on Thursday.

Security researchers found more than 400 Android and iOS apps responsible for stealing Facebook login information and compromising user accounts, Director of Threat Disruption David Agranovich said. Photo editor apps were listed as the main app responsible for the hacks, but game, VPN, lifestyle and utility apps were all listed as probable malicious apps.

Meta will be warning up to 1 million users of possible data breaches, but reported not all compromised users have experienced adverse effects, Agranovich said, according to Forbes.

The majority of the phishing applications found were Android compatible, but Meta has reached out to both Apple and Google to form a joint force of security researchers and policymakers dedicated to improving the defenses against hacking, Agranovich said. Meta has also asked all users to be cautious when downloading third-party apps that ask for social media credentials as they increase the likelihood of hacking.

“If a flashlight application is requiring you to login with Facebook before it gives you any flashlight functionality, there’s probably something to be suspicious of,” Agranovich said.

Hackers create malware apps “designed as apps with fun or useful functionality,” Agranovich said. However, hackers will write their own reviews and rate their own apps to make them appear legitimate and trusted in the app store.

Meta referenced app stores as a “highly adversarial space,” monitored by industry peers who detect and remove software, yet many times the phishing apps are able to “evade detection” and make it on the app store.

Meta did not immediately respond to the Daily Caller News Foundation’s request for comment.

_{Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org.}