Facebook and Twitter have announced this week that the personal data of users may have been improperly accessed if they logged into certain Androids apps downloaded from the Google Play store.
CNBC reports that social media giants Facebook and Twitter revealed on Monday that hundreds of users may have had their personal data improperly accessed after using their accounts to log in to certain Androids apps downloaded from the Google Play store.
The two social media firms received a report from security researchers who informed them that a software development kit named One Audience gave third-party developers access to personal data. The data accessed could include email addresses, usernames and recent tweets from people who used their Twitter accounts to log in to apps such as Giant Square and Photofy.
Twitter stated that there is a possibility that a user’s Twitter account could be hijacked via this vulnerability but so far there is no evidence that this occurred. Lindsay McCallum, a Twitter spokesperson, stated: “We think it’s important for people to be aware that this exists out there and that they review the apps that they use to connect to their accounts.”
A Facebook spokesperson provided CNBC with the following statement:
Security researchers recently notified us about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores. After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn. We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts.
Mobiburn posted a statement discussing the issue, claiming that it does not collect, share or monetize data from Facebook. The firm stated: “Mobiburn only facilitates the process by introducing mobile application developers to the data monetization companies. This notwithstanding, Mobiburn stopped all its activities until our investigation on third parties is finalized.”