On Monday, Facebook and Twitter announced that the data of “hundreds of users” may have been improperly accessed after their accounts were used for logging into Google Play Store apps on Android devices. The issue was first reported by CNBC. So far, there is no indication that iOS users were affected.
The researchers discovered that a development kit named One Audience gave outside developers access to personal information, including usernames and email addresses. If someone used their Twitter account to log in to these apps, their most recent tweets were also accessible. CNBC said that users of photo editing apps like Giant Square and Photofy could be affected.
A Facebook spokesperson gave the following statement:
After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn. We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts.
In a blog post published on Monday, Twitter said that the “issue is not due to a vulnerability in Twitter’s software, but rather the lack of isolation between SDKs [software development kits] within an application.” The company will notify users of Twitter for Android who may have been impacted.