Meta has warned users that they "may have logged into Facebook from a malicious app", potentially giving them access to passwords in the process.
The warning, which was sent out to a million Facebook users, warns that apps could have been used to "steal" account information, including passwords.
Meta's reasearchers say that they've found more than 400 apps that were built to collect the credentials of its Facebook users, including those downloadable via the Google Play Store and Apple App Store. Those who receive the warning are encouraged to reset their passwords.
Engadget notes that most of the apps that were identified as being maliscious were on the Android side of things, with the majority being aimed at consumers. However, some were designed for businesses with names like 'Very Business Manager', 'Meta Business', 'FB Analytic', and 'Ads Business Knowledge'.
Notably, Meta's director of threat disruption, David Agranovich, says that the apps were never designed to do anythig other than scrape the usernames and passwords of people who used them.
"Many of the apps provided little to no functionality before you logged in," Engadget quotes him as saying in a briefing. He then went on to add that, "Most provided no functionality even after a person agreed to login."
While Meta did tell both Google and Apple about the apps that are in their stores, he did also note that it's down to those two companies to remove them to prevent even more credentials from being stolen.
Now seems like a good time to remember why you shouldn't re-use passwords and should be using a password manager instead.
No comments:
Post a Comment