Malicious Apps Gained Access To Some Facebook, Twitter Users’ Personal Info

Twitter and Facebook said that the personal information of hundreds of users might have been accessed improperly after those users used their accounts to log into specific Android apps downloaded from the Google Play store. The tech firms received a report from researchers who came across the oneAudience software development kit (SDK), which provided third-party developers with access to personal information, CNBC reported.

Twitter noted that it would be informing affected users and has let Google and Apple know about the flaw so they can take additional action. Lindsay McCallum, a Twitter spokeswoman, said, per the report, “We think it’s important for people to be aware that this exists out there, and that they review the apps that they use to connect to their accounts.”

A spokesperson for Facebook said in a statement regarding the disclosure on Monday (Nov. 25), according to CNBC, “Security researchers recently notified us about two bad actors, oneAudience and MobiBurn, [which] were paying developers to use malicious [SDKs] in a number of apps available in popular app stores. After investigating, we removed the apps from our platform for violating our platform policies, and issued cease and desist letters against oneAudience and MobiBurn.”

Twitter continued, “We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information, like name, email and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts.”

In separate news, a report surfaced in August that a security firm had discovered dozens of fraudulent Android adware apps that had been downloaded over 8 million times from the Google Play store. Security firm Trend Micro said at the time that it discovered 85 individual apps that were disguised as games and photo-editing apps and had ads that would take over users’ screens as part of a money-making scheme. All the fraudulent apps had since been removed from the Google Play store, per the report.

