Twitter said it fixed a critical security vulnerability in its app for Android that could allow a hacker to take over a user’s account — and send tweets or direct messages as well as see private account info.
In a tweet Friday, Twitter’s support team urged Android users to “update your app as soon as possible,” pointing latest version of the Twitter Android app (available on Google Play at this link). Twitter said the security flaw did not affect its app for Apple’s iOS.
“We recently fixed a vulnerability within Twitter for Android that could allow a bad actor to see nonpublic account information or to control your account (i.e., send Tweets or Direct Messages),” the company explained a blog post about the app update.
In the previous version of the Android app, a hacker could have inserted “malicious code” into restricted storage areas of the app that would let them take over an unsuspecting user’s account. Twitter said it doesn’t have evidence that the vulnerability was exploited, “but we can’t be completely sure so we are taking extra caution,” the company said in the post.
“We have taken steps to fix this issue and are directly notifying people who could have been exposed to this vulnerability either through the Twitter app or by email with specific instructions to keep them safe,” Twitter continued. “These instructions vary based on what versions of Android and Twitter for Android people are using. We recommend that people follow these instructions as soon as possible. If you are unsure about what to do, update to the latest version of Twitter for Android.”
Twitter also said that users may contact the company’s Office of Data Protection (via a form at this link) to request information regarding their account security.
According to Twitter, the security issue was fixed in the app update released earlier this week on Google Play for the most recent releases of Android OS “KitKat” (version 7.93.4) and “Lollipop” (version 8.18 and later). Twitter for Android is no longer supported on Android OS versions older than KitKat.