Facebook and Twitter say hundreds of users gave improper access to data through third-party apps
CEO of Twitter, Jack Patrick Dorsey, speaks during an exclusive interview with Hindustan Times at Twitter India office, at the Crescent, on November 14, 2018 in New Delhi, India.
Burhaan Kinu | Hindustan Times | Getty Images
Facebook and Twitter on Monday announced that personal data of hundreds of users may have been improperly accessed after they used their accounts to log into certain Android apps downloaded from the Google Play store.
The companies received a report from security researchers who discovered that a software development kit named One Audience gave third-party developers access to personal data. This includes the email addresses, usernames and most recent tweets of people who used their Twitter accounts to access apps including Giant Square and Photofy.
The company also said that it may have been possible for a person to take control of someone else's Twitter account through this vulnerability, though there is no evidence that this occurred.
"We think it's important for people to be aware that this exists out there and that they review the apps that they use to connect to their accounts," said Lindsay McCallum, a Twitter spokeswoman.
Twitter said it will be informing users who were affected. The company said it has also informed Google and Apple about the vulnerability so that they can take further action.
The warning comes as Facebook, Google and Twitter are all facing heightened scrutiny from regulators, lawmakers and users for the ways that personal data is used by outside developers to track and target consumers. The issue has been of particular concern since March 2018, when reports surfaced that analytics firm Cambridge Analytica improperly accessed up to 87 million Facebook profiles, in part to target ads for Donald Trump in the 2016 presidential election. Facebook later suspended tens of thousands of apps after investigating its ecosystem.
A Facebook spokesperson sent the following statement regarding Monday's disclosure:
"Security researchers recently notified us about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores. After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn. We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts."
WATCH: Here's how to see which apps have access to your Facebook data — and cut them off
Read More
No comments