Malicious SDKs Used to Access Personal Data of Twitter, Facebook Users

Security researchers notified the two social networks, which, in turn, alerted Google and Apple

Malicious third-party software-development kits may have been used to access user data from some users on Twitter and Facebook.

Security researchers notified the two social networks about the potential vulnerability, and Twitter and Facebook, in turn, alerted Google and Apple so that they could take steps to secure their respective application stores.

Kate Rooney and Salvador Rodriguez of CNBC reported that people who used their credentials from the social networks to login to and access third-party apps including Giant Square and Photofy may have been impacted, and that the malicious SDKs were traced to mobile intelligence platform oneAudience and app monetization provider MobiBurn.

Twitter only cited oneAudience in a Help Center post alerting users about the issue, saying, “This issue is not due to a vulnerability in Twitter’s software, but rather the lack of isolation between SDKs within an app.



Subscribe today!

To Read the Full Story Become an Adweek+ Subscriber

View Subscription Options

Already a member? Sign in