Twitter Disclosed an Android Security Bug That May Allow Hackers to Access Users Direct Messages

After facing a massive breach last month, Twitter announced on Wednesday that the company has discovered a new security bug that may expose the DMs of users who use the Twitter app on Android smartphones. The vulnerability which was patched in Oct of the year 2018 has also been fixed, and it affected versions 8 and 9 of the Android operating system, Twitter said. The micro-blogging app also explained that there were no evidences that the security bug was ever exploited by hackers.

Twitter stated in a blog post that the security vulnerability could allow a bad actor to access Android users private Twitter data through a malicious application that was installed on the device of the victim.

A company’s spokesman told media outlets that a security researcher reported this security vulnerability through HackerOne platform. It was reported a few weeks ago, and the company has been working to keep Twitter accounts secure since then. The spokesperson also added that now that the bug has been fixed, the company is letting people know about this Android security bug.

The company explained that it did not disclose the vulnerability to prevent hackers from learning about the bug and taking advantage of the situation before the company could fix the security vulnerability.

Twitter said that 96% of people who use the app on Android have updated the application and are protected from the vulnerability. On the other hand, Twitter also said that nearly 4% of users have not still updated the app and are vulnerable. The company said Twitter will notify those users to update the Twitter application as soon as possible.

Although the company could not find any evidence that the security vulnerability was ever exploited by hackers, Twitter said that the company cannot be entirely sure so the company fixed the vulnerability to ensure that third-party applications could not access the in-app data. Twitter has now added more safety precautions beyond standard protections. The security bug also did not affect the Twitter application for iOS or the web version of the app.

The news comes just weeks after the platform was hit by a massive crypto scam in July of this year. The massive Twitter hack spread a Bitcoin giveaway scam by hacking high-profile Twitter accounts of celebrities and politicians. The hacker gained access to internal tools and systems of Twitter. The United States Department of Justice has now charged three persons including one juvenile allegedly responsible for the Twitter breach.


Photo: Anadolu Agency via Getty Images

Read next: Twitter Tests Much Needed Feature to DM Requests
Previous Post Next Post