Facebook Warns 1 Million Users Whose Logins Were Stolen By Scam Mobile Apps (theverge.com) 15
Meta is warning Facebook users about hundreds of apps on Apple and Google's app stores that were specifically designed to steal login credentials to the social network app. From a report: The company says it's identified over 400 malicious apps disguised as games, photo editors, and other utilities and that it's notifying users who "may have unknowingly self-compromised their accounts by downloading these apps and sharing their credentials." According to Bloomberg, a million users were potentially affected. In its post, Meta says that the apps tricked people into downloading them with fake reviews and promises of useful functionality (both common tactics for other scam apps that are trying to take your money rather than your login info). But upon opening some of the apps, users were prompted to log in with Facebook before they could actually do anything -- if they did, the developers were able to steal their credentials.
Not a problem (Score:2)
It's all just bots talking to each other anyway.
Re: (Score:3)
"The Social Network"...great film. Literally about Harvard students squabbling over credit for a glorified pimping app.
LOL! (Score:3)
Re: (Score:2)
Just because you have no social life doesn't mean nobody else does.
Re: (Score:2)
I keep mine secured with YubiKeys. Not 100% secure, as the auth token can likely be snarfed on the end point, but at least an attacker has to have control of something on my end.
What blows my mind is how so many other services use FB as a source of truth for user authentication. FB wasn't really designed to be on par with AAD for this level of security. At least they offer decent 2FA options, and a YubiKey is as good as one can get for most things.
Re: (Score:2)
Re: (Score:2)
There are a few type of Yubikeys. Looks like FB is giving out the tiny ones that are designed to be stuffed into a USB port and left there (YubiKey Nano), as opposed to the larger ones that have a round button. The model I give out is either the one with a USB-C port on one side and a Lightning port on the other, a 5 NFC model with USB A, or a 5 NFC model with USB C.
The Yubikey Nanos, I just leave in a machine, for example, a dedicated box I use for GPG signing, but it isn't really designed to go with you
Stolen By Scam Mobile Apps (Score:2)
So... *not* the Facebook app? :-)
Re: (Score:2)
The facebook only [in]famously stole and then deleted contacts.
That was many moons ago, but I never loaded the facebook app, and I never will, despite using facebook regularly. The web interface does everything the app does, albeit slightly more poorly. Also, you can run various blockers on it. You do have to use mbasic to message, that is shitty. But it also does work.
There must be MUCH more, then... (Score:3)
I've had several acquaintances report that their profiles were blatantly copied, and when they notified Facebook about this, Facebook essentially replied, "Sorry, that doesn't look like an illegitimate profile copy". Just remember how large of a percentage of Internet scams originate from Facebook, and how little interest Facebook has in even trying to solve the problem, despite wasting billions on a flash-in-the-pan VR play. The higher the number of fake accounts on Facebook, the bigger the lie Facebook can tell to advertisers when trying to jack up the price.
Re: (Score:3)
Does your mother know you talk like that?
Re: (Score:2)
A lot of copied profiles are also someone cloning a FB profile on Instagram. Of course, reporting it seems to not do much.
The Metaverse is Safe! (Score:2)
Nothing to see here. The Metaverse is just fine. Won't be any issues. Certainly no one will be stealing data. No one will trick you. Come play friends!
They can't even secure the world wide web amongst the top companies that run it.
--
I have never made but one prayer to God, a very short one: 'O Lord make my enemies ridiculous.' And God granted it. - Voltaire