Facebook has detected more than 400 malicious apps available for use on Apple and Android devices, designed to steal personal information from social media accounts.
- Meta, Facebook's parent company, will notify people who it believes are at risk
- It has appealed to Apple and Google to block the apps from being downloaded
- Meta says it is not sure how many people have downloaded the apps
The apps are promoted as photo editors and games, and lure users in before asking for their social media login details.
Facebook's parent company, Meta, has made the announcement after alerting Apple and Google to the apps, appealing to them to block them from being downloaded.
The news comes amid a heated debate in Australia about the vulnerability of personal data, in the wake of last month's massive Optus data breach.
While the telco hack is different to the use of apps to coax users into handing over information, Meta argues it is a salient reminder of online threats.
"The applications would disguise themselves on app stores as things like photo editors, mobile games, health and lifestyle trackers," David Agranovich, Meta's director of threat disruption said.
"The applications would promise features like the ability to turn a photo of yourself into a cartoon, but as soon as you download and open the app, it would prompt you to log in with Facebook."
Meta said it was not aware of the numbers of people who had downloaded the apps, arguing such information would only be known by Google and Apple — the operators of the app stores.
But the company said it would notify people it believed may have been at risk.
"We're being kind of deliberately overcautious and notifying about 1 million users across our entire platform that they may have been exposed to applications like this," Mr Agranovich said.
"That doesn't mean that they were compromised, just that we think that they may have been exposed to one of these applications."
Meta is urging users who may have been targeted to reset their password, enable two-factor authentication on their accounts, and turn on login alerts — to ensure they are made aware if someone is accessing their account.
"There are many legitimate apps on the Google and Apple stores that offer the ability to log in with Facebook credentials in safe and secure ways," Mr Agranovich said.
"Cyber criminals know how popular these types of apps are, and they use similar themes to trick people and try to steal their accounts and information.
"This is a common thing across scammers and spammers, we see it in a bunch of different parts of the internet from spam to fishing lures to similar activity.
"We know that at times, it can be challenging for everyday internet users to differentiate between safe and malicious requests."