Facebook and Twitter announced on Monday that the personal data of millions of users may have been improperly accessed after they used their social media accounts to log in to several Android apps, downloaded from the Google Play Store.
Security researchers discovered that a mobile software development kit (SDK) named oneAudience gave third-party developers access to people’s personal data. This personal data includes email addresses. Usernames and most recent tweets of people who used their Twitter accounts to get access to such apps including Giant Square and Photofy.
In a blog, Twitter informed the people of this gross misconduct and also said that this activity may make it possible for a hacker to take control of someone’s Twitter account but there is no evidence that this occurred.
A Twitter spokeswoman, Lindsay McCallum said,
“We think it’s important for people to be aware that this exists out there and that they review the apps that they use to connect to their accounts.”
Twitter also announced that it will be informing users who were affected. The company has also informed Google and Apple about the vulnerability so that further action can be taken.
A Facebook spokesperson sent the following statement after the recent disclosure:
“Security researchers recently notified us about two bad actors, oneAudience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores. After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn. We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email, and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts.”
This comes at a time when Facebook, Google, and Twitter are all facing heightened scrutiny from regulators concerning the use of personal data and its use by outside developers to track and target customers. The issue has been of particular concern ever since March 2018, ever since the Cambridge Analytica scandal. Cambridge Analytica accessed up to 87 million Facebook profiles in order to target ads for Donald Trump in the 2016 presidential election.
A Facebook spokesperson told The Verge that the company encourages people “to be cautious when choosing which third-party apps are granted access to their social media accounts.”