#BugAlert: Critical security flaw in Twitter, update app immediately


Dec 21, 2019
02:22 pm

What's the story

After Facebook, Amazon's Ring, and SonyLIV, microblogging giant Twitter has disclosed a vulnerability, one that may have compromised the accounts of its users. The company announced the security issue just recently and has started issuing personal warning alerts informing potentially affected customers about the flaw and the next steps to stay safe. Here's all you need to know about it.

Issue

Android app plagued by the glitch

The bug in question existed in Twitter's Android app and opened a way for a threat actor to compromise user accounts and steal personal information. Specifically, the company said, a hacker could have exploited it by inserting malicious script into restricted storage areas of the app, and then broken into accounts, seen private information such as DMs and location, or taken control of the accounts entirely.

Evidence

Twitter isn't sure if someone hacked the service, stole data

In a blog post detailing the bug, Twitter emphasized that it has not found any evidence indicating that someone actually exploited the issue or gained access to user accounts. However, at the same time, the company added that "we can't be completely sure so we are taking extra caution" and alerting users who had the buggy version of the app installed on their phones.

Impact

No word on total number of affected users

Twitter didn't specifically say how many of its users were affected by the bug but claimed that the scope of the issue was limited to its Android app and that iOS users were not at risk. It also noted that a fix for the glitch has been released and users can apply it by simply updating their Twitter app to the latest version.

Quote

Users being alerted to apply fix, secure accounts

"We have taken steps to fix this issue and are directly notifying people who could have been exposed to this vulnerability...with specific instructions to keep them safe," Twitter said. "These instructions vary based on what versions of Android and Twitter for Android people are using."


Previous issues

This isn't the first time Twitter has made a mistake

While Twitter's security-related debacles aren't as scary as those of Facebook, there is no denying that the microblogging site has had its fair share of problems. Recently, the company admitted to using 2FA numbers for ad-targeting, and before that, in 2018, it had admitted to storing passwords of 330 million users in plain text and leaking phone numbers.