Forbes reports that Meta has identified that up to 1 million Facebook users had their log-in credentials targeted by 400 Android and iOS apps during the past year.
Fraudulent virtual private networks, photo editors, health and lifestyle trackers, and mobile games were among the malicious apps that sought to exfiltrate user credentials, a report from Meta revealed. Most of the malicious apps required logins from Facebook, with app developers gaining the capability to hijack usernames, passwords, and two-factor authentication codes in the background, said Meta Director of Threat Disruption David Agranovich. "Our sense here is that this wasn't kind of a specific geographically targeted thing. This was more an attempt to just get access to as many login credentials as possible," Agranovich said. Apple has already removed the 45 malicious apps identified in the report from its App Store, while Google said that many of the apps have already been made unavailable on Google Play prior to Meta's alert.
OpenSea has confirmed being impacted by a third-party security breach, marking the third attack against the major non-fungible token marketplace following a third-party hack and phishing incident in June 2022 and February 2022, respectively, SiliconAngle reports.
Nansen impacted by third-party breach BleepingComputer reports that Ethereum blockchain analytics firm Nansen has disclosed that its third-party authentication provider was impacted by a data breach, which resulted in the compromise of data from 6.8% of its user base over a 48-hour period.