Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Facebook Privacy Security

Facebook Warns 1 Million Users Whose Logins Were Stolen By Scam Mobile Apps (theverge.com) 15

Meta is warning Facebook users about hundreds of apps on Apple and Google's app stores that were specifically designed to steal login credentials to the social network app. From a report: The company says it's identified over 400 malicious apps disguised as games, photo editors, and other utilities and that it's notifying users who "may have unknowingly self-compromised their accounts by downloading these apps and sharing their credentials." According to Bloomberg, a million users were potentially affected. In its post, Meta says that the apps tricked people into downloading them with fake reviews and promises of useful functionality (both common tactics for other scam apps that are trying to take your money rather than your login info). But upon opening some of the apps, users were prompted to log in with Facebook before they could actually do anything -- if they did, the developers were able to steal their credentials.
This discussion has been archived. No new comments can be posted.

Facebook Warns 1 Million Users Whose Logins Were Stolen By Scam Mobile Apps

Comments Filter:
  • It's all just bots talking to each other anyway.

    • Never forget that behind any nth-level barrage of bot bullshit, there's some 5th generation millionaire's publicist and/or stockbroker trying to brainwash you into blaming people who are poorer than you for the things you don't have.

      "The Social Network"...great film. Literally about Harvard students squabbling over credit for a glorified pimping app.
  • by Locke2005 ( 849178 ) on Friday October 07, 2022 @02:44PM (#62947685)
    What are they going to do with my Facebook login, cyberstalk my highschool crush? (She's married to another woman now, by the way.)
    • Just because you have no social life doesn't mean nobody else does.

    • I keep mine secured with YubiKeys. Not 100% secure, as the auth token can likely be snarfed on the end point, but at least an attacker has to have control of something on my end.

      What blows my mind is how so many other services use FB as a source of truth for user authentication. FB wasn't really designed to be on par with AAD for this level of security. At least they offer decent 2FA options, and a YubiKey is as good as one can get for most things.

      • If you work for Facebook/Meta, they force you to use YubiKeys. They have two annoyances: 1) They trigger every time you accidentally touch them, forcing "random" characters into you keyboard stream, and 2) they only stick out of USB plug by a couple millimeters, making them virtually impossible to remove, but Facbook only gives you one YubiKey regardless of how many computers you have, so... grow stronger fingernails? I can't speculate on how secure they are, but obviously Facebook has some security people
        • There are a few type of Yubikeys. Looks like FB is giving out the tiny ones that are designed to be stuffed into a USB port and left there (YubiKey Nano), as opposed to the larger ones that have a round button. The model I give out is either the one with a USB-C port on one side and a Lightning port on the other, a 5 NFC model with USB A, or a 5 NFC model with USB C.

          The Yubikey Nanos, I just leave in a machine, for example, a dedicated box I use for GPG signing, but it isn't really designed to go with you

  • So... *not* the Facebook app? :-)

    • The facebook only [in]famously stole and then deleted contacts.

      That was many moons ago, but I never loaded the facebook app, and I never will, despite using facebook regularly. The web interface does everything the app does, albeit slightly more poorly. Also, you can run various blockers on it. You do have to use mbasic to message, that is shitty. But it also does work.

  • by null etc. ( 524767 ) on Friday October 07, 2022 @02:59PM (#62947713)

    I've had several acquaintances report that their profiles were blatantly copied, and when they notified Facebook about this, Facebook essentially replied, "Sorry, that doesn't look like an illegitimate profile copy". Just remember how large of a percentage of Internet scams originate from Facebook, and how little interest Facebook has in even trying to solve the problem, despite wasting billions on a flash-in-the-pan VR play. The higher the number of fake accounts on Facebook, the bigger the lie Facebook can tell to advertisers when trying to jack up the price.

  • Nothing to see here. The Metaverse is just fine. Won't be any issues. Certainly no one will be stealing data. No one will trick you. Come play friends!

    They can't even secure the world wide web amongst the top companies that run it.

    --
    I have never made but one prayer to God, a very short one: 'O Lord make my enemies ridiculous.' And God granted it. - Voltaire

"I am, therefore I am." -- Akira

Working...