Nov. 25 (UPI) — Facebook and Twitter announced Monday that hundreds of users’ personal data has been improperly accessed by a third-party through certain apps.
Twitter announced that personal data potentially accessed by a third-party developer included email, username and last tweet.
The social media giant added the breach impacted Android, but not Apple users.
Hundreds of users may have been breached after they logged into certain Android apps downloaded from the Google Play store, including those who accessed apps such as Giant Square and Photofy.
Both social media companies found out from a security researchers report that the problem stemmed from a “malicious mobile software development kit” named One Audience, which gave third-party developers access.
“Security researchers recently notified us about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software development kits (SDKs) in a number of apps available in popular app stores,” Facebook told CNBC in a statement. “After investigating, we removed the apps from our platform for violating our platform policies and issued cease-and-desist letters against One Audience and Mobiburn.”
“We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts,” the statement added.
Facebook and Twitter said they plan to notify users who may have been impacted by the breach.
The announcement for Facebook comes on the same day it’s introducing a new market research app.
The new app, called Facebook Viewpoints, gives people points for completing surveys, such as the first “Well-Being Survey” with 1,000 points that results in a $5 reward sent to a PayPal account.