This week, Twitter confirmed a vulnerability in its Android app that could let hackers see your “nonpublic account information” and take control of your account to send tweets and direct messages.
According to a Twitter Privacy Center blog post published Friday, the (recently patched) security issue could allow hackers to gain control of an account and access information like location info and protected tweets “through a complicated process involving the insertion of malicious code into limited storage areas of the Twitter app,” potentially placing the app’s millions of users in danger. A tweet from Twitter support later elaborated that the issue was fixed for Android version 7.93.4 (released in November for KitKat) as well as version 8.18 (released in October for Lollipop and newer).
The blog post went on to say that there is currently no evidence to suggest any bad actors have misused this bug. However, “we can’t be fully sure,” so Twitter is taking a proactive approach. It is currently emailing users who are most at risk of this exploitation and offering instructions on how to update the app.
While this doesn’t seem to be the same vulnerability a hacker exploited to co-opt Twitter CEO Jack Dorsey’s account back in August, you can gauge from that lapse just how difficult these security issues can be.