Over 400 iPhone & Android Apps Stole Facebook Login Data

Facebook isn’t known for its privacy standards. In fact, it’s known for the opposite. Facebook takes and sells user data as a business model, and that isn’t news to anyone. However, its parent company, Meta, is looking out for the community in some way. Its researchers discovered over 400 apps stole Facebook login data from users. Are you among them?
October 10, 2022 / meritsolutions

According to Meta, over 400 apps across both iPhone and Android were found to be malicious, with a single goal: extracting the user’s Facebook credentials. When opened, these apps would insist the user connect to Facebook as a login measure. That’s not unusual, as many apps offer login options through Facebook. However, when a user entered their username and password, the app would scrape them and send them back to the malicious developers.

The good news is these apps are effectively dead. After Meta reached out to Google and Apple, both companies removed every identified app from their respective app stores. For Apple, that was an easy task, as only 45 of the compromised apps were found on its App Store. Google bore the brunt of the infestation, which isn’t surprising, since apps containing malware are much more often found on its Play Store than on Apple’s marketplace.

However, there are two particularly pressing pieces of bad news. The first is that these apps managed to steal the login information of roughly one million Facebook users. Meta is reaching out to these users to make sure they’re all notified and informed. The silver lining is that not all users had their accounts hacked or accessed, so there’s still time for them to change their passwords to protect their Facebook data.

The second piece of bad news is that the apps can still potentially harm users. If you downloaded one of these apps onto your phone, it won’t be removed just because Apple and Google deleted it from their app stores. To remove it from your device, you’ll need to delete it yourself. You can find a complete list of the known apps in Meta’s announcement, although it can of course be difficult to identify your app in a sea of 400.
