Twitter Android Security Flaw May Have Compromised DMs

Twitter disclosed its latest security flaw on Wednesday, August 5, 2020. According to the disclosure by the social networking app, users with devices on Android OS versions 8 and 9 may have had their direct messages exposed, reports CNBC.

There are no signs that the vulnerability was exploited. The flaw also did not and does not affect Twitter for iOS or Twitter.com.


The new flaw comes weeks after approximately 130 high-profile users were hacked on the app as part of a supposed bitcoin scam.

Twitter Android Security Flaw

TechCrunch states that the security flaw in the Android app may have let an attacker obtain a user’s direct messages stored in the Twitter app by bypassing data permissions. Reportedly patched in October 2018, the bug has only affected Android 8 and Android 9, otherwise known as Oreo and Pie.


In a blog post, the bird application said, “This vulnerability could allow an attacker, through a malicious app installed on your device, to access private Twitter data on your device (like Direct Messages) by working around Android system permissions that protect against this.”

In a statement to TechCrunch, a company spokesperson said that the security flaw was reported to the firm a few weeks ago via HackerOne. The bird app states that it leverages HackerOne as part of its bug bounty program, rewarding those who find vulnerabilities within its systems.

Although the company maintains that there is no evidence showing the vulnerability was exploited, it has informed users whose data or private messages may have been compromised. Moreover, the bird application has also released an update for its Android app to patch the flaw, notes CNBC.


Those who may have been affected by the incident have already been prompted to update their Twitter app on Android. At the same time, the firm reportedly enacted enhanced security measures to prevent similar issues from arising in the future.

Though most users have already updated their apps, around 4 percent are still running an old version and remain vulnerable. As such, pop-up messages have informed individuals about the incident, and the company said in its blog post, “Your privacy and trust is important to us and we will continue working to keep your data secure on Twitter.”

Though the bird app disclosed the incident to the public, the BBC points out that the company failed to acknowledge why the vulnerability arose in the first place. The number of users affected by the flaw also remains undisclosed.

As of writing, the company claims to have more than two billion users around the globe.
