Facebook and Twitter users' data exposed through malicious Play Store apps

We’re little over a month away from ending Facebook’s nightmare of a year. But the nightmare is far from over, with the social media giant recently announcing yet another data security breach. Both Facebook and Twitter recently confirmed data of “hundreds of users” might have been improperly accessed.

According to a Twitter blog post, both the social media firms were notified about the security vulnerability by third-party security researchers. The data was improperly accessed after accounts were used for logging into Android apps from Google’s Play store. Mobiburn and One Audience, two app companies, misused app permissions of Facebook and Twitter by making use of SDK-laced with malicious code to get unauthorised access to personal information like emails, usernames, and tweets.

CNBC reported that affected accounts could also include those using photo editing apps like Photofy and Giant Square. Twitter has said that One Audience and Mobiburn were only able to retrieve user data from Android devices.

In a blog post, Twitter said; “We have evidence that this SDK was used to access people’s personal data for at least some Twitter account holders using Android. However, we have no evidence that the iOS version of this malicious SDK targeted people who use Twitter for iOS.”

The blog post also stated that the social media firm had already informed Apple and Google about the malicious SDK if they needed to take further action. A Facebook press statement confirmed that the firm had sent a cease and desist notice to the aforementioned app developers.

The latest data security leak comes at a terrible time for the platforms, when companies like Google, Facebook and Twitter are facing scrutiny from lawmakers and regulators.