1 Million Facebook Users May Have Had Passwords Stolen Through Fake Apps

Charmaine Patterson
·2 min read
1
meta
meta

Justin Sullivan/Getty Images Meta

One million Facebook users' passwords may have been stolen after downloading false apps that required them to log in to their account.

Meta found over 400 apps created for both Android and Apple devices that were disguised as photo editing, games, and features like a flashlight app. Instead, the apps were used to steal login names and passwords when they asked users to sign in via Facebook, it announced in a release on Friday.

One million users may have been impacted, per multiple news outlets.

Facebook said it is helping those who were impacted secure their accounts.

Both Google and Apple have pulled the apps from their stores, Facebook added.

RELATED: Facebook Removes Fake Chinese Accounts Attempting to Meddle in U.S. Midterm Elections

"There are many legitimate apps that offer the features listed above or that may ask you to sign in with Facebook in a safe and secure way," Facebook said. "Cybercriminals know how popular these types of apps are and use these themes to trick people and steal their accounts and information."

It added that malware developers could go as far as posting fake positive reviews to cover up the negative ones shared by people who noticed the app was fake.

RELATED: Facebook, Inc. Changes Company Name to Meta: 'Next Chapter for Our Company,' Says Mark Zuckerberg

To stay safe, Facebook recommends looking at all reviews, how many downloads the app has, and to "be suspicious" of an app that makes users sign in with their Facebook account before letting them use it.

Providing a list of all of the compromising apps, Facebook urged anyone who is impacted to delete the app(s) from their phone immediately and reset their login information.

RELATED VIDEO: Facebook Plans to Change Company Name as Part of Rebrand: Report

Never miss a story — sign up for PEOPLE's free daily newsletter to stay up to date on the best of what PEOPLE has to offer, from juicy celebrity news to compelling human interest stories.

It also suggests users to enable a two-factor authentication through an app "to add an extra security layer to your account" as well as to allow log-in alerts so a user will know if someone tried to get into their account.

For compromised accounts, individuals can file a report through the Data Abuse Bounty program.