Personal Data Of Users Was Improperly Accessed By Third-Party Apps, Claim Facebook & Twitter
Facebook and Twitter announced Monday that hundreds of users might have let their personal data be improperly accessed after logging into certain third-party apps downloaded from Google Play store using their accounts.
The security breach has affected android users who used their Facebook and Twitter accounts to access the Giant Square and Photofy apps downloaded from the Google Play store. As of now, there are no reports of iOS users being impacted by the data breach.
Security researchers gave the tech giants a report warning that One Audience and Mobiburn, two software development kits, let third-party developers access personal data of users, including email addresses, usernames and most recent tweets of people who used their Twitter accounts to access the apps.
Facebook and Twitter say hundreds of users accidentally gave improper access to personal data through third-party apps https://t.co/YIdvGhI4pA
— CNBC (@CNBC) November 25, 2019
“Security researchers recently notified us about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores,” Facebook said in a statement released Monday.
“After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn.”
The tech giants said that this vulnerability lets a person take over someone else’s Twitter account, although there was no evidence of such a thing happening. Twitter said it will be informing the users who are affected by the data breach. They have also informed Google and Apple about the vulnerability to enable them to take further action.
“We think it’s important for people to be aware that this exists out there and that they review the apps that they use to connect to their accounts,” Lindsay McCallum, a Twitter spokeswoman, told CNBC.
Mobiburn, one of the SDKs embroiled in the controversy, said that it does not collect, share or monetize data from Facebook and that it only facilitates the process by introducing mobile application developers to the data monetization companies. They added that they would be stopping all their activities until the investigation on third-parties is finalized.
The security breach comes at a time when Google, Facebook, and Twitter are under heightened scrutiny from regulators and lawmakers for the way they handle the personal data of the users.
© Copyright IBTimes 2024. All rights reserved.
-
Canada AI Project Hopes To Help Reverse Mass Insect Extinction
-
Aid Groups Express Horror At US Mines For Ukraine
-
As Trump Returns, China Seizes Chance For Climate Mantle
-
Taxing The Richest: What The G20 Decided
-
US Agency Opens Two Probes Into Ford Vehicles Amid Quality Control Concerns
-
Trump-Inspired Campaign Playbook? Polish Presidential Aspirant Vows To Turn Poland Into 'Crypto Haven'
-
Urban Mosquito Sparks Malaria Surge In East Africa
-
Sex, Drugs And Gritty Reality On Prague's Underworld Tours
-
Defiant Lebanese Harvest Olives In The Shadow Of War
-
'Critically Endangered' African Penguins Just Want Peace And Food
