Facebook Inc. and Twitter Inc. warned Monday that the personal information of hundreds of users may have been exposed after they logged into Android apps such as Giant Square and Photofy that were downloaded from the Google Play store. The companies said they were notified by securities researchers that a software development kit, One Audience, allowed third-party developers access to personal data such as email addresses, user names and recent tweets. Twitter, which said it will inform users affected, has also notified Alphabet Inc.’s Google and Apple Inc. about the vulnerability. A Facebook spokesman told MarketWatch in an email message: “Security researchers recently notified us about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores. After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn. We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts.” The security disclosure comes amid increasing scrutiny from federal regulators over how Facebook, Google, Twitter, and others handle the personal information of consumers.”
Facebook, Twitter warn users of security flaw linked to Android apps
Facebook Inc. and Twitter Inc. warned Monday that the personal information of hundreds of users may have been exposed after they logged into Android apps such as Giant Square and Photofy that were downloaded from the Google Play store. The companies said they were notified by securities researchers that a software development kit, One Audience, allowed third-party developers access to personal data such as email addresses, user names and recent tweets. Twitter, which said it will inform users affected, has also notified Alphabet Inc.'s Google and Apple Inc. about the vulnerability. A Facebook spokesman told MarketWatch in an email message: "Security researchers recently notified us about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores. After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn. We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts." The security disclosure comes amid increasing scrutiny from federal regulators over how Facebook, Google, Twitter, and others handle the personal information of consumers." Read More...
Add Comment