Twitter has disclosed details of a new security vulnerability that may have exposed the direct messages of its Android device users. The company said Wednesday that the vulnerability could have exposed the data of Twitter users running devices with Android OS versions 8 and 9.
“This vulnerability could allow an attacker, through a malicious app installed on your device, to access private Twitter data on your device (like Direct Messages) by working around Android system permissions that protect against this,” Twitter said in a blog post.
The issue, which is now fixed, was one that only a small fraction of Twitter users experienced. Twitter said it was linked to an Android OS security issue that affects only Android OS versions 8 and 9. Around 96 percent of people using Twitter for Android already have a security patch for this vulnerability, Twitter said.
The issue didn’t impact users running Twitter for iOS or Twitter.com.
Notices sent to affected users
The social media platform said it doesn’t currently have any evidence that the vulnerability was exploited, but it “can’t be completely sure” that it wasn’t. In an effort to protect the small group of potentially vulnerable users, the company rolled out an update to its Android app to ensure external apps can’t access in-app data.
Twitter also sent in-app alerts to those affected and required them to update their app to the latest version. Going forward, Twitter has promised to identify “changes to our processes to better guard against issues like this.”
“To keep your Twitter data safe, please update to the latest version of Twitter for Android on all Android devices that you use to access Twitter,” the company said. “Your privacy and trust is important to us and we will continue working to keep your data secure on Twitter.”