Twitter was recently the subject of a controversial hack that allowed cybercriminals to take over the official accounts of high-profile individuals, businesses, and services. These accounts were then used to scam users into donating bitcoin with a promise that it would be doubled thereafter. While the developers were eventually able to wrest back control, the damage had been done. Now Twitter is urging Android users to immediately update to the latest version of the app to patch another security flaw.
If left unpatched, the flaw lets hackers exploit the operating system's permissions to access direct messages. This is an alarming issue that could expose personal information and compromise the privacy of many individuals who are registered with the social media platform. Based on Twitter's findings, the attack could be initiated by a malicious app installed on the device. Thus, people should avoid installing software that has not been certified by Google's Play Store.
"We recently discovered and fixed a vulnerability in Twitter for Android related to an underlying Android OS security issue affecting OS versions 8 and 9. Our understanding is 96% of people using Twitter for Android already have an Android security patch installed that protects them from this vulnerability," Twitter stated on its official blog.
"For the other 4%, this vulnerability could allow an attacker, through a malicious app installed on your device, to access private Twitter data on your device (like Direct Messages) by working around Android system permissions that protect against this," the post continued. However, Twitter claims that their investigation has yielded no evidence that this vulnerability was "exploited by hackers."
It seems that the rate of cybercrime has been growing amid the coronavirus outbreak as more people are online. The most recent security breach that affected the platform allowed hackers to run a cryptocurrency scam. So far, authorities have reportedly arrested three individuals allegedly responsible for the operation.
The developers pointed out that the method used was "phone spear phishing" targeting higher-level employees of the company. It was earlier speculated that an employee received a substantial payment to provide internal tools that were then used by the cybercriminals to take over user accounts. As such, individuals are urged to regularly update their devices and software.