If you downloaded an app in the last year that didn't work all that well, there's a chance that it was used to steal your Facebook password.
Meta began notifying at least 1 million Facebook users that their password data may have been compromised through third-party apps. More than 400 malicious apps were found by the company that were designed to steal Facebook login information and compromise people's accounts.
Meta found that many of the password-stealing apps were actually photo editing apps. There were other types of malicious apps as well. The majority of these apps are found on the Play section of the app store. Most of the ones hosted on the App Store are business oriented.
Meta suggests looking at the app's requirements to see if it requires you to log in with your Facebook credentials. "Sign in with Facebook" is a legitimate option, but it is not the only one. Make sure that the app delivers on its promises. Even after signing up for Facebook, many of the problematic apps were still dead.
According to David Agranovich, Director of Threat Disruption, Meta shared its findings with both the App Store and Google Play, but it was up to them to remove the apps. All apps identified by Meta have been removed by both hosts.
If you're worried that you've downloaded and tried to use any of the listed apps in the past, Meta recommends that you change your password, enable two-factor authentication, and turn on log-in alert so you'll be protected.