Twitter just fixed a bug in its Android app that could have given hackers access to private messages
- Twitter fixed a vulnerability in its Android app that could have given intruders access to private user data if exploited, the company said.
- Twitter said there's no evidence this vulnerability has been exploited, and it's only said to impact 4% of those using Twitter on Android.
- The social media company is urging those who may be impacted to update their Twitter app for Android.
- The discovery comes after Twitter suffered a massive attack in July that saw the accounts of celebrities, politicians, and companies overtaken as part of a bitcoin scam.
Twitter fixed a vulnerability in its Android app that if exploited could have enabled hackers to access a user's private data, such as direct messages, the company said on Wednesday.
The issue was related to an underlying issue with the Android operating system, and the company says that only 4% of Twitter users on Android are expected to have been vulnerable. It's Twitter's understanding that the other 96% of Android device users already have a security patch installed that protects against this bug. The issue did not impact Twitter's website or its iOS app, the company said.
Twitter said it has found no evidence that the hack has been exploited, but it's urging those who may be vulnerable to update their Twitter app. The company will also notify users who may have been impacted. Additionally, it's adding "extra safety precautions" that extend beyond Google's standard Android protections to prevent such security issues in the future.
Twitter didn't provide many details on how the attack would work. It only said that malicious actors could use an app installed on a user's device to access private data by circumventing an Android system permission.
In addition to sending notifications to those who may have been vulnerable, Twitter also sent this message to users on Wednesday.
The revelation comes on the heels of a massive Twitter hack last month, in which dozens of high-profile accounts had their accounts taken over as part of a bitcoin scam. Those impacted by the July attack included former president Barack Obama, Tesla CEO Elon Musk, and rapper Kanye West.
A Florida teen was arrested on 30 charges related to the hack, which was executed through a social engineering attack used to gain access to internal systems and tools. Federal prosecutors have also charged two others in connection with the scheme.