Meta is warning 1 million Facebook customers that their account info could have been compromised by third-party apps from Apple or Google’s shops. In a brand new report, the corporate’s safety researchers say that within the final 12 months they’ve recognized greater than 400 scammy apps designed to hijack customers’ Facebook account credentials.

According to the corporate, the apps are disguised as “fun or useful” companies, like photograph editors, digicam apps, VPN companies, horoscope apps, and health monitoring instruments. The apps usually require customers to “Log In with Facebook” earlier than they’ll entry the promised options. But these login options are merely a method of stealing Facebook customers’ account information. And Meta’s Director of Threat Disruption, David Agranovich, famous that most of the apps Meta recognized have been barely practical.

“Many of the apps provided little to no functionality before you logged in, and most provided no functionality even after a person agreed to login,” Agranovich mentioned throughout a briefing with reporters.

Of observe, Meta discovered malicious apps in each Google’s Play Store and Apple’s App Store, although the overwhelming majority have been Android apps. Interestingly, whereas the malicious Android apps have been principally shopper apps, like photograph filters, the 47 iOS apps have been nearly completely what Meta calls “business utility” apps. These companies, with names like “Very Business Manager,” “Meta Business,” “FB Analytic” and “Ads Business Knowledge,” appeared to be focused particularly at folks utilizing Facebook’s enterprise instruments.

Agranovich mentioned that Meta shared its findings with each Apple and Google, however that it was in the end as much as the shops to make sure the apps are eliminated. In the meantime, Facebook is pushing warnings to 1 million individuals who could have used the apps. The notifications inform customers their account information could have been compromised by an app — it doesn’t identify which one — and recommends resetting their passwords.