Facebook, Twitter notifying users about potential security flaw

Latest security flaw raises questions about data safety

Facebook and Twitter plan to notify scores of users whose personal data may have been improperly accessed after logging into certain Android apps, the companies said Monday.

Twitter said there is no indication that iOS users were affected.

The social media giants received a report from security researchers regarding "bad actors" who reportedly gave third-party developers access to personal data such as email addresses, usernames and people's most recent tweets.

Facebook told FOX Business Monday that it launched an investigation after learning software developers received payment from One Audience and Mobiburn to use malicious software for apps in popular app stores.

The company has since removed the apps from its platform.

"After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn," a Facebook spokesperson told FOX Business Monday. "We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts."

Twitter said the issue was not due to a vulnerability with its software and is also notifying users because it wants them to be aware of things that could impact their account security.

"Our security team has determined that the malicious [software development kits] which could be embedded within a mobile application, could potentially exploit a vulnerability in the mobile ecosystem to allow personal information (email, username, last Tweet) to be accessed and taken using the malicious [software development kits]. While we have no evidence to suggest that this was used to take control of a Twitter account, it is possible that a person could do so," Twitter said in a blog post Monday.

Twitter says it informed Google and Apple about the malicious activity so they can take further action if needed.

Twitter said users who think they may have downloaded a malicious application from a third-party app store should delete it immediately.
