Over 1 million Facebook users' passwords compromised — what to do now
400 malicious Android and Apple apps aimed at stealing Facebook data have been unmasked
Facebook’s parent company Meta has reported that the login information of up to a million users may have been compromised and made available to hackers. If you think you have been hit, reset your passwords now.
Meta previously announced that, after scanning both the Google Play Store and Apple's App Store, it had found 400 apps designed specifically to harvest users' personal information. Spanning a range of genres, these apps include games, VPNs, health services and photo editing tools. All the apps are designed to ‘phish’ for users' Facebook login information, which could lead to compromised accounts.
These apps have been removed from their respective stores, but users should check that they haven’t already got one installed. Meta has listed the apps in full in a blog post for users to cross-reference with their Android or iPhone and is reaching out to those affected. According to the Washington Post, a Meta spokesperson has said that one million Facebook users may have been affected by these malicious apps.
Worryingly, many of these dangerous apps were targeted toward children with Meta finding that 11.7% of them were masquerading as games. Most disturbing of all, 42.6% of the apps were claiming to be photo editing apps, with any pictures taken using them likely compromised too.
The trick to the phishing attack here was to get users to log into the app using the “login with Facebook” service that the social network offers, which often makes it trivially easy to log into a service when using a mobile device. But in the case of the malicious apps, they'd quietly steal the user's login credentials, no doubt for later unscrupulous use.
Change your password now
If you suspect you may have fallen foul of such phishing attacks, then we suggest you go and change your Facebook password right away. This should curtail any malicious use of your account.
And when it comes to logging into apps with a Facebook (or other social media) account, be aware that just because something is on Google or Apple’s official app store does not mean it is safe. Both companies do have stringent measures against this kind of fraud, but something will always slip through the cracks.
Meta has laid out some guidelines to follow when deciding whether to trust an app, which include checking reviews and guidance for an app and whether it only offers users the chance to log in via social media (a gigantic red flag). This is a start, but there are plenty of ways to further increase your security online.
First and foremost, using one of the best password managers available will improve your safety no end and will greatly reduce the damage any leaked information can do. This is especially true if you use the same password on several platforms. Our senior security and networking editor Anthony Spadafora recommends LastPass, “because of its ease of use, its support for all major platforms and its wide range of features.”
To spot a malicious app, Anthony suggests users stay aware of what their apps require permission to do. Does a flashlight app need access to your contacts or address, for example? For Android in particular this can be a problem, and it is well worth checking out the best Android antivirus apps.
Two-factor authentication (2FA) is another great tool to protect your login credentials. It can be enabled on most large online services such as Amazon, Facebook, Twitter and even Fortnite. In this day and age, it is up to us as users to protect our own data. Make sure you don’t get caught out.
Andy is a freelance writer with a passion for streaming and VPNs. Based in the U.K., he originally cut his teeth at Tom's Guide as a Trainee Writer before moving to cover all things tech and streaming at T3. Outside of work, his passions are movies, football (soccer) and Formula 1. He is also something of an amateur screenwriter having studied creative writing at university.
