Latest in Gear

Image credit: SOPA Images via Getty Images

Security flaw in Twitter Android app might have exposed Direct Messages

It's related to an underlying Android OS vulnerability.
Nicole Lee, @nicole
August 5, 2020
143 Shares
Share
Tweet
Share

Sponsored Links

POLAND - 2020/08/04: In this photo illustration, a Twitter logo is displayed on a smartphone. (Photo Illustration by Omar Marques/SOPA Images/LightRocket via Getty Images)
SOPA Images via Getty Images

Twitter acknowledged today that there was a security vulnerability in its Android app that would have exposed private data such as Direct Messages if exploited by an attacker through a malicious app (via CNBC). The issue is now fixed and is related to an underlying Android OS security issue that only affects OS versions 8 and 9. According to Twitter, around 96 percent of people using Twitter for Android already have a security patch for this vulnerability. The company said it has not found any evidence that this security flaw was exploited, but it can’t be completely sure.

In order to ensure Android users are safe, Twitter has updated its Android app to ensure external apps can’t access its in-app data. In conjunction with that, it has also sent in-app notices to those affected, and required them to update their app to the latest version. It has also promised to identify “changes to our processes to better guard against issues like this.”

This security issue comes at a bad time for Twitter, which has recently struggled with a Bitcoin scam hack that affected high-profile accounts of celebrities, brands and politicians. The hack was supposedly done via a phone spear phishing attack that targeted employees, resulting in the hacker gaining access to credentials to internal systems. The hackers have since been arrested.

In this article: Twitter, news, gear
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
143 Shares
Share
Tweet
Share

Popular on Engadget

Elon Musk warns that Tesla's 'Battery Day' tech is two years away

Elon Musk warns that Tesla's 'Battery Day' tech is two years away

View
Microsoft keeps the same price for its new wireless Xbox controllers

Microsoft keeps the same price for its new wireless Xbox controllers

View
Microsoft’s Bethesda deal: Great for Game Pass, troubling for exclusives

Microsoft’s Bethesda deal: Great for Game Pass, troubling for exclusives

View
NASA's Mars 2020 rover passes its driving test

NASA's Mars 2020 rover passes its driving test

View
Logitech’s new MX Anywhere 3 mouse has buttons to control Zoom calls

Logitech’s new MX Anywhere 3 mouse has buttons to control Zoom calls

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr