Facebook parent company Meta has issued a security warning to approximately 1 million Facebook users that their login credentials may have been stolen by scam apps. While the majority of the apps were Android apps, 47 of them were distributed in Apple’s iOS App Store.
The apps used “Login with Facebook” to steal the logins. Many apps and websites offer third-party login options, commonly using third-party login options include:
- Login with Facebook
- Login with Google
- Login with Apple
These login methods are designed to make it quicker and easier for users to log in to an app, eliminating the need to register an account. However, this also opens the door to bad actors using the feature to steal your login credentials.
Engadget reports:
Meta is warning 1 million Facebook users that their account information may have been compromised by third-party apps from Apple or Google’s stores. In a new report, the company’s security researchers say that in the last year they’ve identified more than 400 scammy apps designed to hijack users’ Facebook account credentials.
According to the company, the apps are disguised as “fun or useful” services, like photo editors, camera apps, VPN services, horoscope apps, and fitness tracking tools. The apps often require users to “Log In with Facebook” before they can access the promised features. But these login features are merely a means of stealing Facebook users’ account info. And Meta’s Director of Threat Disruption, David Agranovich, noted that many of the apps Meta identified were barely functional.
Facebook users that have used one of the scam apps will see the following message in the Facebook app:
A security notice from Meta
You may have logged into Facebook from a malicious app designed to steal your
Facebook account information.To protect your information we recommend you secure your account immediately.
The site says that the iOS apps identified mostly targeted business users, with names like Meta Business, FB Analytic, and so on.
If you have installed any of the apps in the list below (shared by 9to5Mac), you should remove the app and then change your Facebook password.
iOS App ID | App Name |
1555651942 | FB Advertising Optimization |
1561642325 | Business ADS Manager |
1563142182 | Ads Analytics |
1564091908 | FB Adverts Optimization |
1566705026 | FB Analytic |
1566706023 | FB Adverts Community |
1574530186 | Adverts Ai Optimize |
1587056055 | Very Business Manager |
1591775710 | FB Business Support |
1593368297 | Fb Ads |
1596775769 | Meta Optimizer |
1597553589 | Business Manager Pages |
1598946098 | Adverts Manager |
1600072709 | Meta Adverts Manager |
1600404846 | Ad Optimization Meta |
1601275530 | FB Pages Manager |
1602637866 | Business Ads |
1603255418 | Meta Business |
1603571287 | Business Suite Manager |
1604086670 | FB Ads Cost |
1607057895 | Adverts Bussiness Suite |
1608743187 | Business Ads Clock |
1609915932 | Ads & Pages |
1610859814 | Business Suite |
1610944161 | Business & Ads |
1612196202 | Business Manager Overview |
1613983385 | Business Suite Ads |
1619733733 | Page Suite Manager |
1622402517 | Business Meta Support |
1623362126 | Pages Manager Suite |
1625368035 | Business Meta Pages |
1626632781 | Business Suite Ads |
1626692617 | Ads Business Knowledge |
1629919774 | Page Suite Managers |
1631778308 | Pages Managers Suite |
1632069527 | Ads Business Advance |
1632606219 | Pages Manager Suite |
1633012933 | Business Suite Optimize |
1633016482 | Business Manager Suite |
1633078757 | Business Suite Managers |
1633828994 | Ads Business Manager |
1635045234 | Ads Business Suite |
1635301567 | Business Manager Pages |
1635555183 | Business Adverts Manager |
1636196931 | Ads Manager Suite |
1636825108 | Business Manager Pages |
1639572841 | Ads & Business Suite |