security

Twitter Security Bug May Expose Some Android Users’ Private Messages, Company Reveals – Tech Times


Weeks after the now-infamous Twitter hack caused by 17-year-old Graham Ivan Clark, the company has revealed that there is a security bug that may potentially leak some Android user’s direct messages.

Twitter security bug

(Photo : Thomas Ulrich from Pixabay)
Twitter announced it found a security bug that could affect some Android users.

Twitter Announces Security Bug

According to a report by Financial Express, the company revealed that there might have been a security flaw that could expose the private messages of some Android users, but they also said that there is no evidence yet that the security bug has been exploited.

Basically, the bug could allow third-party malicious apps to access your private messages by by-passing the data permissions built-in on the Android app.

Nevertheless, the company said that the bug was patched onto Android Oreo and Pie, or versions 8 and 9, respectively, in October 2018, and apparently, the developers of the app were able to fix the problem since then.

Based on their stats, 96% of Twitter users on Android phones already have the patch that avoids the issue.

Although it has apparently been around since 2018, the company only found out about it quite recently a few weeks ago after a security researcher reached out to them via Twitter’s HackerOne, which is their bug bounty program.

Read Also: How to Easily Password Protect a PDF From Data Breach

Update Your App

After the company found out about the said bug, their team immediately went to work and fixed the issue to guarantee the safety and security of Android users and only waited for a few more weeks to report it to the public as they believe announcing it sooner would have made it easier for others to exploit it.

Therefore, they wanted to resolve the issue first before letting the public know about it.

The company is still urging the remaining 4% of Android users who still have not updated their app to its latest version, according to Independent. If you are among those who are using a vulnerable device, you should receive a notification from the company.

Additionally, the company is “identifying changes to our processes to better guard against issues like this.”

The Massive Twitter Hack

On July 15, Clark, along with two other accomplices, has attacked the company in what’s known as a “phone spear phishing attack” that Clark used to access the information of Twitter’s employees, which is used to crack the accounts of high-profile users such as Bill Gates, Elon Musk, Jeff Bezos, and Kanye West, among others.

Clark, 17, and the youngest of the culprits are said to be the mastermind behind the attack, which led these high-profile accounts to tweet a Bitcoin scam to their millions of followers.

The trio has been apprehended and is now in the custody of authorities.

In a recent TechTimes report, it has been discovered that Clark used to be a Minecraft scammer as he would sell usernames or in-game items to other players, and once the transaction has gone through, he would block them on the game.

He was also involved in a Bitcoin theft, with legal and social media records.

Since the incident, Twitter is taking its security a lot more seriously to prevent these massive hacks from happening again.

Read Also: Russian-Speaking Threat Actor Leaked 1,800 Pulse VPN Servers and Login Details in Hackers’ Forum

This article is owned by TechTimes.

Written by: Nhx Tingson

ⓒ 2018 TECHTIMES.com All rights reserved. Do not reproduce without permission.





READ SOURCE

Leave a Reply