Twitter on Wednesday disclosed a new security vulnerability that may have exposed the direct messages of users who access the service using Android devices.
According to Bleeping Computer, Twitter acknowledged today that there was a security vulnerability in its Android app that would have exposed private data such as Direct Messages. The issue is now fixed and is related to an underlying Android OS security issue that only affects OS versions 8 and 9.
The flaw stems from an underlying issue in the Android operating system, and the company says that only 4 percent of Twitter users on Android are expected to have been vulnerable. It’s Twitter’s understanding that the other 96 percent of Android device users already have a security patch installed that protects against this bug. The issue did not impact Twitter’s website or its iOS app, the company said.
“This vulnerability could allow an attacker, through a malicious app installed on your device, to access private Twitter data on your device (like Direct Messages) by working around Android system permissions that protect against this,” the company said in a blog post.
Twitter said it has found no evidence that the vulnerability has been exploited, but it’s urging those who may be vulnerable to update their Twitter app. The company will also notify users who may have been impacted. Additionally, it’s adding “extra safety precautions” that extend beyond Google’s standard Android protections to prevent such security issues in the future.
The new vulnerability comes just weeks after 130 of Twitter’s most notable users, including Elon Musk, Joe Biden and Bill Gates, had their accounts taken over by hackers as part of a bitcoin scam. Earlier this week, Twitter also disclosed that it expects to pay as much as $250 million USD to the Federal Trade Commission for using personal information users provided for security purposes to target advertising instead.