Malicious SDK may have stolen personal data of Facebook, Twitter users

By Digit NewsDesk | Published on Nov 26 2019

HIGHLIGHTS

SDKs maintained by Oneaudience and Mobiburn could exploit a vulnerability in the mobile ecosystem to access personal data

Twitter’s security team claims to have found evidence that it was used to access personal data of some Twitter users

Both companies plan to notify all users who have been affected by the issue

It seems like there has been yet another data leak. Both Facebook and Twitter have announced that the personal data of multiple users who use their social media accounts to log into certain apps downloaded from the Google Play Store may have been accessed.

In its official statement, Twitter noted that the vulnerability was not in Twitter’s software, but rather a lack of isolation between SDKs within an application. The micro-blogging site claims that the SDK maintained by oneAudience could be embedded within a mobile application, and could exploit a vulnerability in the mobile ecosystem. This could include access to personal information such as email, username, and last Tweet. Twitter also notes that while it could not find any evidence that the SDK was used to take over an account, it is possible to do so. However, it did find evidence that the SDK was used to access personal data of some Twitter users on Android, but notes that there is no evidence that the iOS version of the SDK targeted people who use Twitter for iOS. Twitter also says that it informed both Google and Apple about the malicious SDK, so that those companies can also take the necessary action.

In a statement to CNBC, a Facebook spokesperson noted that besides Oneaudience, Mobiburn was also developing malicious SDKs. Following its own investigation, Facebook claims that the apps have been removed from the platform and it has issued cease and desist letters against Oneaudience and Mobiburn.

Both Facebook and Twitter plan to personally notify users affected by the issue. Twitter advises users to check which third-party apps they have authorised to access their account and remove any that they do not recognise or no longer use. Facebook advises users to be more careful when selecting third-party apps to grant access to.
