Facebook and Twitter Users’ Data Exposed Due To Third-Party SDK Bug

Facebook and Twitter announced on Monday that the companies were notified about malicious software development kits (SDKs) that allowed certain apps to collect users’ data from the apps without their permission. Paul Thurrott reports: The main culprits here are One Audience and Mobiburn, developers of the malicious SDKs that apparently paid developers to use the SDKs and secretly collect users’ data. Twitter noted that the issue isn’t due to a vulnerability in its software. The breach was caused by “the lack of isolation between SDKs within an application,” according to the company. The company also said that the malicious SDKs could allow apps to access personal information like your email, username, and your last tweet without your permission. “We have evidence that this SDK was used to access people’s personal data for at least some Twitter account holders using Android, however, we have no evidence that the iOS version of this malicious SDK targeted people who use Twitter for iOS,” the company said. The two social networks said that they will notify the affected users about the breach.

