Runs On Your Cloud
No Data Sharing
No Contract Required
Explore Now
Face Verification
Address Verification
Document Verification
Age Verification
VideoIdent
Fast ID
eIDV
NFC Verification
Consent Verification
Business Verification
Due Diligence
Investor Verification
E-Signature
Behavioural Biometrics
Device Fingerprinting
MFA
AML Screening
Business AML Screening
User Risk Assessment
Transaction Screening
Adverse Media Screening
Identity Verification
KYC
KYB
KYI
Bonus Abuse
Fraud Prevention
Banking
Crypto
Fintech
Forex
Gaming
Gig Economy
Marketplace
Social Networks
Product Managers
Compliance Officers
Fraud Analyst
Global Trust Platform
Journey Builder
Content library
Blogs
News
Reports
Insights
Knowledgebase
ROI calculator
Blind Spot Audit
Deepfake Detection
Liveness Detection
Document Originality
Document Deepfake
Events & Webinar
Podcast Studio
Spotlight Studio
API Documentation
Mobile SDKs
Service Status
Help Center
Contact Us
Technical Support
Compliance
Supported Document
About
Career
Press Release
Certifications
Partnership
Awards
Millions of Twitter and Facebook Users May Have Had Their Accounts Compromised
Facebook and Twitter announced on Monday that the personal data of millions of users may have been improperly accessed after they used their social media accounts to log in to several Android apps, downloaded from the Google Play Store.
Security researchers discovered that a mobile software development kit (SDK) named oneAudience gave third-party developers access to people’s personal data. This personal data includes email addresses. Usernames and most recent tweets of people who used their Twitter accounts to get access to such apps including Giant Square and Photofy.
In a blog, Twitter informed the people of this gross misconduct and also said that this activity may make it possible for a hacker to take control of someone’s Twitter account but there is no evidence that this occurred.
A Twitter spokeswoman, Lindsay McCallum said,
“We think it’s important for people to be aware that this exists out there and that they review the apps that they use to connect to their accounts.”
Twitter also announced that it will be informing users who were affected. The company has also informed Google and Apple about the vulnerability so that further action can be taken.
A Facebook spokesperson sent the following statement after the recent disclosure:
“Security researchers recently notified us about two bad actors, oneAudience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores. After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn. We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email, and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts.”
This comes at a time when Facebook, Google, and Twitter are all facing heightened scrutiny from regulators concerning the use of personal data and its use by outside developers to track and target customers. The issue has been of particular concern ever since March 2018, ever since the Cambridge Analytica scandal. Cambridge Analytica accessed up to 87 million Facebook profiles in order to target ads for Donald Trump in the 2016 presidential election.
A Facebook spokesperson told The Verge that the company encourages people “to be cautious when choosing which third-party apps are granted access to their social media accounts.”
