In another case of possible data breach, micro-blogging website Twitter has admitted that a malicious code was inserted into its app by a ‘bad actor’ that may have compromised some users’ information worldwide, including in India. In a tweet, the platform accepted that the new vulnerability for Android could allow the bad actor to see non-public account information or to control your account (send Tweets or Direct Messages). The company said it does not have direct evidence that malicious code was inserted into the app or that this vulnerability was exploited.
In both the cases, your data remains under threat. The platform has not revealed the number of users that might have been affected. It, however, is informing the affected users through notifications on Twitter app or by email. “We have taken steps to fix this issue and are directly notifying people who could have been exposed to this vulnerability either through the Twitter app or by email with specific instructions to keep them safe,” Twitter said.
How to stay safe?
There are two ways through which you can ensure that your account is not accessed by anyone else. First and foremost, you must change the password of your Twitter account. Make sure that the new password is not similar to the old one. Then, you need to update to the latest version of the Twitter app, in which the vulnerability has been fixed. This can be done through Google Play Store.
“Prior to the fix, through a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app, it may have been possible for a bad actor to access information (Direct Messages, protected Tweets, location information) from the app,” Twitter said in a statement. Users should update their Twitter for Android app via Google Play,” the platform said.
Notably, the iPhone users have not been affected by the latest hit.
“We’re sorry this happened and will continue working to keep your information secure on Twitter,” said the company in the email sent to the Indian users, adding that those affected can also reach out to Twitter’s Office of Data Protection, requesting information regarding their account security.
Twitter has faced several vulnerabilities on its platform in the recent past.