Twitter says it has fixed its Android app's security vulnerability, and urges users to update.
HIGHLIGHTS
- It may have been possible for bad actor to access information on Twitter
- Direct Messages, protected Tweets, location info may be compromised
- Users are advised to update their Twitter for Android app.
In an extremely stressful year for Internet users, Twitter on Friday admitted a malicious code was inserted into its app by a bad actor that may have compromised some users' information worldwide, including in India, as people woke up to an email from Twitter, warning them to update the app for Android. The vulnerability within Twitter for Android could allow the bad actor to see non-public account information or to control your account (send Tweets or Direct Messages), said an apologetic Twitter.
"Prior to the fix, through a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app, it may have been possible for a bad actor to access information (Direct Messages, protected Tweets, location information) from the app," Twitter said in a statement. Users should update their Twitter for Android app via Google Play.
The company said it does not have direct evidence that malicious code was inserted into the app or that this vulnerability was exploited, but it can't be completely sure. Twitter did not divulge the number of users affected too.The Internet giant issued warning of data breach for users in India and globally after fixing the Chrome 79 bug and re-issuing it for the public.
"Change your password. A data breach on a site or app exposed your password. Chrome recommends changing your password for the site," read the warning pop-up.
Twitter has faced several vulnerabilities on its platform in the recent past.
In May, Twitter disclosed a bug that shared some iOS users' data with an unnamed partner, even if the users did not opt to share data. The bug affected Twitter's iOS user base and they were notified about the issue.
In February, a bug in Twitter exposed private tweets of some Android users for over five years when they made changes in their settings, like changing the email address linked to their accounts.
The vulnerability disabled the "Protect your Tweets" setting if certain account changes were made on Android devices.
In a mega data breach last year, the micro-blogging platform alerted all users to change their password after it discovered a bug that stored passwords in plain text in an internal system.
"Out of an abundance of caution, we ask that you consider changing your password on all services where you've used this password," said Parag Agrawal, Chief Technology Officer at Twitter.
- Get link
- X
- Other Apps
Labels
News
Labels:
News
- Get link
- X
- Other Apps
Comments
Post a Comment