Twitter disclosed that a security flaw could theoretically expose the direct messages of certain Android users. The announcement came weeks after the now-infamous Twitter breach triggered by 17-year-old Graham Ivan Clark.
The vulnerability allows malicious third-party apps to access your private messages (such as Direct Messages) by bypassing the data permissions built into the Android app.
According to the social media site, hackers did not abuse the security problem despite the vulnerability.
Nevertheless, the company installed the patch on Android Oreo and Pie (versions 8 and 9, respectively) in October 2018. The app developers have fixed the issue.
Based on their figures, 96 percent of Android phone users already have the patch to stop the bug.
Update your app
While the patch has been in place since 2018, the organization found out about the bug only weeks ago. A security researcher contacted them via HackerOne, their bug bounty system.
After the company found out about the bug, Twitter immediately fixed the issue to ensure Android users’ safety and security. The team then waited a few more weeks before reporting it to the public.
The team believes that disclosing the security bug sooner would have made it easier for others to exploit it. Hence, they wanted to solve the problem before letting the public know about it.
“Since then, we have been working to keep accounts secure,” said the spokesperson. “Now that the issue has been fixed, we’re letting people know.”
It is important to remember that Twitter cannot be absolutely sure that nobody has exploited this problem, so users should take precautions to stay safe.
The social media platform also encourages Android users to update their app to the new version. If you are among those who are using a vulnerable device, the company should notify you through in-app warnings.
Users will also need to upgrade Twitter to continue to use it. Other applications won’t be able to access the Android Twitter app once it’s updated. The app developers added ‘extra safety precautions’ that exceed what Android itself offers, according to the firm.
The organization is now “identifying improvements to our procedures to help protect against these problems.”
The massive hack
Clark and two accomplices targeted Twitter on July 15 through an “internet spear phishing operation.” Clark hacked the social media platform’s employee records to break into the accounts of high-profile users. The users include Bill Gates, Elon Musk, Jeff Bezos, and Kanye West.
Reports said Clark, who is 17 and the youngest of the guilty, is the mastermind behind the attack. They used the high-profile accounts to tweet a Bitcoin scam to their millions of followers.
Reports claim that Clark used to be a scammer in Minecraft. He would sell usernames or in-game items to other players, then block them in the game once the transaction had gone through. Clark was also involved in a Bitcoin theft.
Authorities arrested the three suspects. The culprits are currently in police detention.
Twitter also revealed earlier this week that they’ll pay the Federal Trade Commission as much as $250 million for using personal information that users provided for security purposes to target advertising instead.