Gareth Wright, an app developer for Android and iOS, has found a security hole in Facebook's native mobile apps that can be used to steal personal information about a user, ZDNet.com reported Thursday.
The problem, Wright said, is that Facebook login credentials for Android or iOS platforms are not encrypted, meaning they can be easily taken from a USB connection or, more likely, through malicious apps.
All a hacker needs is to obtain your Facebook plist file -- a property list file, often used to store a user's settings -- then copy the file to his own device, Wright said.
When the Facebook app is opened, the hacker is logged into Facebook as the user whose file he's stolen, with complete access to the user's account.
"Facebook are aware and working on closing the hole, but unless app developers follow suit and start encrypting the 60-day access token Facebook supplies, it's only a matter of time before someone starts using the info for ill purpose … if they aren't already," Wright said.