Twitter on Friday admitted that a vulnerability in its Android app could have let a bad actor insert malicious code and compromise some users’ information worldwide, including in India, as people woke up to an email from Twitter warning them to update the app for Android. The vulnerability within Twitter for Android could allow the bad actor to see non-public account information or to control your account (send Tweets or Direct Messages), said an apologetic Twitter.
Earlier today, Twitter sent an email to all Twitter Android users confirming that the company has fixed a critical vulnerability in the Android app that could have exposed account information.
We recently fixed a vulnerability within Twitter for Android that could allow a bad actor to see nonpublic account information or to control your account (i.e., send Tweets or Direct Messages). Before the fix, through a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app, it may have been possible for a bad actor to access information (e.g., Direct Messages, protected Tweets, location information) from the app.
We don’t have evidence that malicious code was inserted into the app or that this vulnerability was exploited, but we can’t be completely sure, so we are taking extra caution.
In a mega data breach last year, the micro-blogging platform alerted all users to change their password after it discovered a bug that stored passwords in plain text in an internal system.
“Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password,” said Parag Agrawal, Chief Technology Officer at Twitter.