Meta.Photo: Justin Sullivan/Getty Images
One million Facebook users' passwords may have been stolen after downloading false apps that required them to log in to their account.
Meta found over 400 apps created for both Android and Apple devices that were disguised as photo editing, games, and features like a flashlight app. Instead, the apps were used tosteal login names and passwordswhen they asked users to sign in via Facebook, it announced in a release on Friday.
One million users may have been impacted, per multiple news outlets.
Facebook said it is helping those who were impacted secure their accounts.
Both Google and Apple have pulled the apps from their stores, Facebook added.
“There are many legitimate apps that offer the features listed above or that may ask you to sign in with Facebook in a safe and secure way,” Facebook said. “Cybercriminals know how popular these types of apps are and use these themes to trick people and steal their accounts and information.”
To stay safe, Facebook recommends looking at all reviews, how many downloads the app has, and to “be suspicious” of an app that makes users sign in with their Facebook account before letting them use it.
Providing a list of all of the compromising apps, Facebook urged anyone who is impacted to delete the app(s) from their phone immediately and reset their login information.
Never miss a story — sign up forPEOPLE’s free daily newsletterto stay up to date on the best of what PEOPLE has to offer, from juicy celebrity news to compelling human interest stories.
It also suggests users to enable a two-factor authentication through an app “to add an extra security layer to your account” as well as to allow log-in alerts so a user will know if someone tried to get into their account.
For compromised accounts, individuals can file a report through the Data Abuse Bounty program.
source: people.com
