Hundreds of apps are stealing people’s Facebook accounts, Meta warns

Apps are pretending to offer useful services but actually taking logins

Andrew Griffin
Friday 07 October 2022 11:56 EDT
Comments
Nigeria Meta Court Case
Nigeria Meta Court Case (Copyright 2021 The Associated Press. All rights reserved.)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Hundreds of apps are secretly stealing people’s Facebook logins, parent company Meta has warned.

The apps hide inside the iPhone and Android app stores, appearing to offer useful services. They might show as photo editors that offer fun filters, for instance, or useful tools such as flashlights.

But more than 400 such apps have been found actually stealing Facebook login details and then getting into people’s accounts, the company said in an update.

It warned users to be careful when downloading new apps, if they ask for social media credentials when signing up.

Most of the apps were photo editors, it said, with almost 43 per cent coming in that category. But that apps can take a number of forms, with developers seemingly targeting categories that are likely to encourage people to download them.

Developers also use a number of other tricks to hide the scam. That can include publishing fake positive reviews so that critical reviews from those who have spotted the malicious nature of the app will be drowned out.

When the app is finally installed, users are prompted to login with Facebook, so that they can get access to those features. But the login is actually intended to steal the password and username.

With that, attackers can break into Facebook accounts, stealing other data or messaging friends in an attempt to get even more people involved.

There are few very obvious ways to distinguish those malicious apps from legitimate ones. Many real apps might offer such services – and require users to log in with their Facebook accounts.

But Meta advised that people take three steps before downloading and logging into such an app. First anyone should be suspicious of apps that require a social login to use features, should check their reputation, and check whether the app really seems to be offering the services it promised.

If anyone is affected, Meta advised resetting passwords, switching on two-factor authentication and switching on login alerts so that you will be warned if anyone tries to get into you Facebook account.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in