A vulnerability in Facebook’s WhatsApp could allow attackers to install spyware on impacted smartphones.
Facebook provided an update to a previously disclosed incident involving insecurely storing “tens of thousands” of Instagram users’ passwords on internal servers in clear text. Facebook now says that “millions” of Instagram accounts are now impacted.
The company downgraded the user impact to 30 million users from 50 million users and also shared the details of the attacks that exploited a vulnerability in Facebook’s code that existed between July 2017 and September 2018.
Facebook posted a security update that describes a security issue that occurred on September 25, 2018 that affected nearly 50 million accounts.
Security firm Trustlook has found at least 25,936 malicious apps using one of Facebook’s APIs, such as a login API or messaging API. Such malicious apps could then use and abuse a range of Facebook login profiles, such as name, location and email address, according to recent blog post.