Facebook and Twitter data exposed to developers due to app store bug

‘Hundreds of users’ were impacted

Twitter logo
Twitter said that it has notified Google and Apple of the vulnerability “so they can take further action if needed.”

On Monday, Facebook and Twitter announced that the data of “hundreds of users” may have been improperly accessed after their accounts were used for logging into Google Play Store apps on Android devices. The issue was first reported by CNBC. So far, there is no indication that iOS users were affected.

The researchers discovered that a development kit named One Audience gave outside developers access to personal information, including usernames and email addresses. If someone used their Twitter account to log in to these apps, their most recent tweets were also accessible. CNBC said that users of photo editing apps like Giant Square and Photofy could be affected.

A Facebook spokesperson gave the following statement:

After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn. We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts.

Reached for clarification on the specific data revealed, Facebook said any data shared with the app could have been leaked, but the specific information “depends on the app and the permissions users allowed.”

In a blog post published on Monday, Twitter said that the “issue is not due to a vulnerability in Twitter’s software, but rather the lack of isolation between SDKs [software development kits] within an application.” The company will notify users of Twitter for Android who may have been impacted.


Please enter your comment!
Please enter your name here