Twitter Says Security Flaw Could Have Exposed Android Users’ Private Messages


Twitter disclosed this week that a new security vulnerability could have exposed the direct messages of those who access the platform on Google Android devices.

CNBC reports that Twitter disclosed a new security vulnerability this week that may have exposed the direct messages of users who access the service via Android devices. The vulnerability may have exposed the private data of users on Android devices running OS versions 8 and 9. Direct messages (DMs) are the company’s name for private one-on-one or group communications not visible to the general user population.

In a blog post, the Silicon Valley company stated: “This vulnerability could allow an attacker, through a malicious app installed on your device, to access private Twitter data on your device (like Direct Messages) by working around Android system permissions that protect against this.”

The vulnerability comes just weeks after Twitter suffered a major security breach. In a recent article, the Wall Street Journal outlined how a Florida teenager allegedly convinced a Twitter employee that he was a co-worker in order to gain access to Twitter tools, which he used to hijack the accounts of prominent figures such as Barack Obama, Elon Musk, Kanye West, and Joe Biden to promote a bitcoin scam that allegedly generated upwards of $100,000.

Twitter disclosed this week that it expects to be fined as much as $250 million for using personal information that users provided for security purposes to target advertising instead. The announcement comes shortly after Twitter received a draft complaint from the FTC.

Twitter’s stock dropped by approximately 1 percent after hours on the announcement. Twitter made the disclosure in its second-quarter 10-Q financial filing with the SEC, stating that: “The allegations relate to the Company’s use of phone number and/or email address data provided for safety and security purposes for targeted advertising during periods between 2013 and 2019. The Company estimates that the range of probable loss in this matter is $150.0 million to $250.0 million and has recorded an accrual of $150.0 million.”

In its blog post relating to the Android security vulnerability, Twitter stated: “Your privacy and trust is important to us and we will continue working to keep your data secure on Twitter.”

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address

