Earlier today, Twitter sent out an email to all Twitter Android users confirming that the company has fixed a critical vulnerability in the Android app that could have exposed account information.
In the detailed blog post published by the company, Twitter confirmed that it found no evidence of a breach or of the vulnerability being exploited in the wild. As a precaution, Twitter has informed users through emails and the app to ensure their accounts are secure. The company has also sent out instructions to users and has published an update to the Android app.
We recently fixed a vulnerability within Twitter for Android that could allow a bad actor to see nonpublic account information or to control your account (i.e., send Tweets or Direct Messages). Prior to the fix, through a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app, it may have been possible for a bad actor to access information (e.g., Direct Messages, protected Tweets, location information) from the app.
We don’t have evidence that malicious code was inserted into the app or that this vulnerability was exploited, but we can’t be completely sure so we are taking extra caution.
Twitter said that it has not found any evidence of the vulnerability on other platforms, including iOS. If you have received an email from Twitter and are sceptical about your account information, you can reach out to the Office of Data Protection through this form to request information regarding your account security.