Facebook is warning its users that their usernames and passwords may have been stolen by hackers.

Facebook is warning
Facebook is warning

Facebook is warning

Facebook is warning 1 million users about stolen usernames and passwords, after an investigation found that the social media platform was breached.

The company said it would notify approximately one million Facebook users that their account credentials may have been compromised as a result of security issues with apps downloaded from Apple and Alphabet’s software stores. The company announced Friday that it identified more than 400 malicious Android and iOS apps this year—with the intent of stealing login credentials from internet users.

After notifying both Apple and Google about the issue, Meta said it was able to help facilitate removal of all affected apps. Facebook has not released details about how many of those accounts were accessed by the hacker or how many accounts are still available. However, they do believe that all of their passwords were encrypted with a cryptographic hash function called SHA-1 (Secure Hashing Algorithm version 1)

The social network is sending messages to affected users telling them they should change their passwords. It also recommends turning on two-factor authentication, which sends a code to your phone when you try to log in. One common type of scam works like this: After a user installs one of the fake apps and logs into it with his Facebook account, he will be prompted to share personal information.

The app allowed the user to edit photos and then share them on Facebook—but by uploading their edited photo, they unknowingly gave an application access to the account. In a statement posted online last week, the company said it would share tips with potential victims on how they can avoid being “re-compromised” by learning how to better spot problematic apps that pilfer usernames and passwords.

It’s important to note that these passwords were not collected by Facebook, and that the site does not store any of its users’ passwords or credit card information.


Leave a Comment

%d bloggers like this: