Twitter has disclosed a vulnerability in its Android app that affects an estimated 4% of Twitter users running Android 8 or 9 on their devices. The vulnerability could allow a malicious app installed on the same device to access private user data, including direct messages.
According to Twitter's estimate, roughly 96% of its Android users already have the Android security patch that protects them from the underlying OS permissions vulnerability; the millions of users whose devices remain unpatched are still exposed to a potential breach of privacy.
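The affected population described above is defined by two device properties: the Android release (8 or 9) and whether the OS security patch level is older than the fix. The following POSIX shell check is an added example, not code from Twitter or from the advisory; it reads the values a device reports through `getprop` and classifies the device. The advisory does not state the date of the fixing patch level, so the cutoff date is an assumption supplied by the caller (the 2018-10-05 value below is a placeholder, not a confirmed date), and the sample device values are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage whether a device falls in the population the advisory
# describes (Android 8 or 9 without the protecting OS security patch).
#
# Usage against a connected device (adb is assumed to be installed):
#   affected_by_os_version "$(adb shell getprop ro.build.version.release)" \
#       "$(adb shell getprop ro.build.version.security_patch)" 2018-10-05
# Returns 0 (true) if the device is in the affected population, 1 otherwise.
affected_by_os_version() {
    release=$1   # e.g. "9" or "8.1.0" (ro.build.version.release)
    patch=$2     # e.g. "2019-02-05"   (ro.build.version.security_patch)
    cutoff=$3    # ASSUMED date of the fixing patch level, YYYY-MM-DD

    # Only Android 8 and 9 are in scope; compare on the major version.
    major=${release%%.*}
    case "$major" in
        8|9) ;;
        *)   return 1 ;;
    esac

    # A missing or malformed patch string cannot prove the fix is present,
    # so treat the device as unpatched (conservative choice).
    case "$patch" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 0 ;;
    esac

    # ISO dates with dashes removed compare correctly as integers.
    p=$(printf '%s' "$patch" | tr -d '-')
    c=$(printf '%s' "$cutoff" | tr -d '-')
    if [ "$p" -lt "$c" ]; then
        return 0   # Android 8/9 with a patch level older than the fix
    fi
    return 1       # patch level at or after the fix
}

# Constructed sample values (not real devices) in "release patch" form.
for sample in "9 2018-09-05" "9 2019-02-05" "8.1.0 2018-06-05" \
              "10 2018-06-05" "9 unknown"; do
    set -- $sample
    if affected_by_os_version "$1" "$2" 2018-10-05; then
        echo "release=$1 patch=$2 -> in affected population"
    else
        echo "release=$1 patch=$2 -> not in scope or already patched"
    fi
done
```

The check is deliberately conservative: a device that reports no parsable patch level is flagged rather than cleared, which is the behaviour you want when deciding who should receive an update prompt.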
Twitter says it does not know whether the vulnerability was ever exploited to gain access to user data, including direct messages, but it has confirmed that the issue does not affect the security of Twitter for iOS or Twitter.com users.
The company has updated the app with an extra layer of protection that ensures no other app on the device can access Twitter's in-app data, and has asked users to update their Android app.
It has also sent in-app notifications to users it believes are affected.
“We recently discovered and fixed a vulnerability in Twitter for Android related to an underlying Android OS security issue affecting OS versions 8 and 9. Our understanding is 96% of people using Twitter for Android already have an Android security patch installed that protects them from this vulnerability,” Twitter announced.
Last month, Twitter confirmed that 130 accounts, including those of Elon Musk, Jeff Bezos, Warren Buffett and Barack Obama, were hacked and used to tweet cryptocurrency scam messages.
Of those, the company determined that the direct messages of 36 accounts were accessed by the attackers, including those of an elected official in the Netherlands. This is in addition to the eight hacked accounts whose direct message data was downloaded via the ‘Your Twitter Data’ tool.