Meta warns that the data of a million users may have been compromised in the latest Facebook data breach.
Unfortunately, scam apps are a global problem that has caused serious issues for users. In this post, we will take a look at the current breach, the widespread issue of malicious apps, and how users can protect themselves.
The Most Recent Facebook Data Breach
Meta has recently warned Facebook users that, for about a million people, their login data has been compromised through malicious apps.
In a recent blog post, Meta warned that researchers have found hundreds of malicious Android and Apple apps designed specifically to steal user information.
According to Meta:
Our security researchers have found more than 400 malicious Android and iOS apps this year that were designed to steal Facebook login information and compromise people’s accounts. These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps and other utilities to trick people into downloading them.
This is not exactly a surprise, as malicious apps have had a strong presence in app stores for years. Also, especially in response to the pandemic, cyber crimes of various kinds have increased.
Crimes range from classic email phishing scams, to abusing cash apps, to romance scams on dating apps. Criminals take hundreds of millions from people around the world every year.
More Details About The Malicious Apps
As these apps are accessible in third-party app stores, there is not much that Facebook can directly do to stop criminals from creating them and victims from unknowingly downloading them.
One big issue, according to Meta’s blog post, is that these malicious apps masquerade as a wide range of apps. This includes:
- Photo editors, including those that claim to allow you to “turn yourself into a cartoon”
- VPNs claiming to boost browsing speed or grant access to blocked content or websites
- Phone utilities such as flashlight apps that claim to brighten your phone’s flashlight
- Mobile games falsely promising high-quality 3D graphics
- Health and lifestyle apps such as horoscopes and fitness trackers
- Business or ad management apps claiming to provide hidden or unauthorized features not found in official apps by tech platforms
Here is a graph Meta shared showing the spread of the kinds of malicious apps:
How Do These Malicious Apps Work?
Meta says that it has reported these apps to Apple and Google and that they have been taken down. It also said that it is working with people who downloaded the apps and had their accounts compromised by accident.
So, how exactly do these apps work?
Essentially, malicious developers create apps that look fun or useful on the surface. They are designed to trick users into downloading them so they can steal their information.
Unfortunately, fraudulent apps are nothing new and pose a threat far and wide outside of Facebook. In fact, recently, experts uncovered dozens of apps involved in an ad fraud scheme that had been downloaded more than 13 million times.
So, how do malicious actors keep convincing people to download their apps?
Simply, they make the apps look legitimate. They also manipulate reviews to build trust. They may flood the app’s page on the Play Store or Apple Store with fake positive reviews and high ratings.
Also, it is not uncommon for apps to ask users to sign in with their Facebook credentials. In the case of malicious apps, when users do this, the app steals that information.
The attackers can then use it to access the user’s account and other apps, gain more personal information, and message the user’s friends.
This is incredibly widespread. Almost every person at some point has received a message that appeared to be from a Facebook friend asking them to click on a strange link. Never click any links like this. It may be a result of hacking.
How Can Users Affected by the Facebook Data Breach Protect Themselves?
There are countless legitimate apps that allow users to access them with Facebook. Cybercriminals know how popular these apps are, which is part of why they have chosen this method.
However, there are some key things that users can look out for when they download apps. Remember, you cannot rely on ratings and reviews alone.
The good news is that there are some telltale signs that an app is actually malware:
1. It does not function unless you provide social media credentials: Most legitimate apps will offer several ways that you can use them. Some even let you create an account within the app itself without providing your email or social media account information. If an app is unusable unless you give it your Facebook password, this is likely a big red flag.
2. The App’s Reputation: This is an interesting one. Generally, you want an app with the highest rating and best reviews possible, right? However, if an app has no negative reviews or ratings at all, this could potentially be a red flag.
3. The Google Search Seems Off: If an app seems off to you, a quick Google search can tell you a lot. While malevolent actors can manipulate app store reviews, it is more difficult (but not impossible with unscrupulous SEO practices) to manipulate search engines.
Don’t Be Afraid To Abandon Questionable Apps
Keep in mind that there are countless apps out there that offer almost every functionality you can think of. If an app seems off to you for any reason, the easiest thing to do is to move on and choose a legitimate app.
Likely, there are hundreds or thousands of real apps that do what you are looking for. So, if you aren’t up for some quick detective work, or just don’t want to take the risk, you can find what you need easily elsewhere.
Facebook provided images of some of these scam apps, which are designed specifically for the purpose of stealing Facebook information.
As you can see, they only offer the option to log in via Facebook, which is unusual amongst apps.
What Can Users Do if Their Information Has Been Compromised in the Facebook Data Breach?
If you think you may have downloaded a malicious app and your account has been compromised, there are some things that you can do to secure your Facebook account.
- Reset and create new strong passwords. Never reuse your password across multiple websites.
- Enable two-factor authentication, preferably using an Authenticator app, to add an extra security layer to your account.
- Turn on log-in alerts so you’ll be notified if someone is trying to access your account. Be sure to review your previous sessions to ensure you recognize which devices have access to your account.
Meta also has a Data Abuse Bounty program. They suggest that people report malicious applications to them via the program.
The Widespread Problem of Cybercrime
Often, people have little sympathy for the victims of malware apps, hacking, and virtual scams. This is likely because they don’t really understand how widespread these problems are. The truth is that they can happen to anyone at any time.
In fact, Fast Company recently suffered a major hack, which the perpetrator said they did “for fun” after discovering their private information on a data trading platform.
On top of creating malicious apps specifically for the purpose of stealing user information, cybercriminals also abuse the apps millions of people use every day.
In fact, scams on cash apps are such a big problem that advocacy groups want to change laws to protect users.
The truth is that when it comes to consumer protections for apps, a lot could be improved upon.
Final Thoughts on Malicious Apps and the Latest Facebook Data Breach
Ultimately, in this case, Facebook may be doing the best it can to cope. Malicious apps have been a problem for years.
A report from this summer found that malicious apps had been downloaded 10 million times from the Google Play Store. Experts suggest that cybercriminals rake in millions a year from scams on the Apple App Store alone.