A file photo of Facebook parent Meta’s logo | Photo Credit: AP

About a million Facebook users’ accounts may have been compromised after they downloaded malicious apps that stole login information, Meta Platforms said last week.

ADVERTISEMENT

(For insights on emerging themes at the intersection of technology, business and policy, subscribe to our tech newsletter Today’s Cache.)

According to a company blog post on October 7, Meta identified over 400 malicious Android and iOS apps that tried to steal users’ credentials, mainly by having them log in through Facebook.

“We’ve reported these malicious apps to our peers at Apple and Google and they have been taken down from both app stores prior to this report’s publication,” said Meta in its statement.

ADVERTISEMENT

Meta provided an extensive list of both Android and iOS apps which included photo editors, voice changers, SEO optimisers, business suite tools, VPN apps, fitness aids, and games.

According to the company, 42.6% of identified malicious apps took the form of photo editors.

Users and security experts have questioned how the malicious apps were listed on regulated platforms like the Google and Apple app stores.

Meta also said it was in touch with users whose accounts may have been compromised.

The social media giant advised people who suspected security breaches to delete any suspicious apps, reset their Facebook accounts with new and strong passwords, enable two-factor authentication, and turn on login alerts to be aware of any hacking attempts.