After facing a mega crypto hack last month, Twitter acknowledged on Wednesday that it has discovered and fixed a security vulnerability in its app for Android that could have exposed private data, such as Direct Messages (DMs), of some of its users. The bug affected Android versions 8 and 9, and, according to the company, 96 per cent of people using Twitter for Android already have an Android security patch installed that protects them from this vulnerability.
"For the other 4 per cent, this vulnerability could allow an attacker, through a malicious app installed on your device, to access private Twitter data on your device (like Direct Messages) by working around Android system permissions that protect against this," said Twitter. The company said it does not have evidence that this vulnerability was exploited by attackers.
Twitter, however, said it cannot be completely sure, so it has updated Twitter for Android to "make sure external apps can't access Twitter in-app data by adding extra safety precautions beyond standard OS protections". It asked users to update Twitter for Android and said it was sending in-app notices to everyone who could have been vulnerable, to let them know whether they need to do anything.
"To keep your Twitter data safe, please update to the latest version of Twitter for Android on all Android devices that you use to access Twitter," said the company. The bug did not impact Twitter for iOS or Twitter.com. Twitter was hit by a massive cryptocurrency scam last month.
The company said the massive hack, which spread a cryptocurrency scam by hijacking the accounts of high-profile celebrities, politicians and businesses, was the result of a phone spear-phishing attack. The US Department of Justice has charged three young individuals (including one juvenile) with the Twitter hack, which compromised the accounts of 130 high-profile celebrities, politicians and businesses, including Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Elon Musk, Apple and Uber.