Over 1M Facebook Passwords Stolen with Malicious Apps, Meta Warns

Do you often use Facebook to authorize in third-party apps? This may be more dangerous than you think. According to the recent report by Meta, about 1M users may have their accounts compromised as a result of using third-party apps with their Facebook credentials. If you are one of these, you will receive a notification telling you what to do.

As Meta says, there have been about 400 apps that stole user credentials by prompting them to authorize with Facebook. There were photo editors, health trackers, VPN services, or mobile games which required authentication via Facebook, so they could steal passwords and some private data. Photo editors turned out the most popular among these apps (about 42.6%). Other categories were less popular, though still numerous.

If you have been affected by these apps, you’ll receive a message from Facebook telling you what to do. These steps are already described in the official post on Facebook Help portal. In short, you need to change your password and enable two-factor authentication as soon as possible. It would also help to enable login alerts and use the Security Checkup Tool for further security.

What happens to the culprit apps? According to Google, all of them have been removed from Play Store after Facebook had reported these apps. Apple is a little behind: so far, only 45 of them have been removed, while the others are still being reviewed and investigated. The problem won’t be completely solved even when Apple removes them all, too. Many Android apps in questions were distributed through third-party app stores or repositories, so if you like using unauthorized indie apps, you need to be careful.

Have you been affected by this issue? Did you receive the message? Do you often use third-party sources for Android apps? If there have been such issues in your life, how did you handle the consequences? Your story may be helpful for others, so share it in the comments!