In a recent blog post, Twitter revealed that several of its users may have had their data exposed after third-party applications gained access to their accounts. Facebook has also admitted to a similar breach on its own platform, attributed to similar third parties.
The software developers named are OneAudience and Mobiburn. Both affected Facebook, while only the former is said to have affected Twitter so far.
According to the networks, the two developed faulty applications with a Software Development Kit (SDK) that exploited vulnerabilities in the platforms' mobile applications. Once users signed in to their social media accounts through third-party apps that included the developers' SDK, the SDK could improperly access their names, genders, emails, usernames, and potentially even their last tweets on Twitter. In fact, although there aren’t any known instances of it, Twitter has said that the software even had the potential to gain complete access to a user’s account.
Twitter worded its statement as 'personal information (email, username, last Tweet) to be accessed and taken using the malicious SDK', which means that the data might have been accessed and stored elsewhere.
Facebook and Twitter will both notify the users they know to have been impacted by the breach. While Twitter has not shared any numbers, Facebook has revealed that 9.5 million users are known to be affected.
This does induce a feeling of déjà vu, recalling the Cambridge Analytica scandal, in which third-party apps were exposed as using personal user data for voter profiling and targeting political ads.
However, after reports of the exploitation reached the companies via security researchers, the two have taken measures to hamper the apps’ current usage. Twitter mentioned that it has contacted both Google and Apple (although only Android users seem to have been affected by the breach so far) and other industry partners. Meanwhile, Facebook has sent cease and desist letters to both OneAudience and Mobiburn for violating its policies and removed the apps from its platform, according to a statement it gave to CNBC.
The company also encouraged users to be more careful about the permissions they give to various third-party apps.