Twitter says “malicious code” may have compromised accounts
Merry Christmas Twitter-verse! Your Christmas gift from the social media company is that some of your accounts may have been compromised due to the insertion of a malicious code. Even though they say that there was no evidence that this code was exploited, they still had to warn users about the possibility that someone had the opportunity to access the non-public parts of their account. The issue has already been fixed and users are advised to update to the latest version to be sure.
Twitter says the vulnerability would have allowed a bad actor to basically take over your account as they could see non-public information and control your account by sending out tweets or direct messages etc. This would have happened through a “complicated process” of inserting malicious code into those restricted storage areas of the app. Your protected information like location, protected tweets, direct messages, would have been vulnerable.
The sort of good news is that they don’t have any evidence that the code was inserted or that anyone took advantage of this vulnerability and exploited this. The sort of bad news is that they’re not entirely sure that no “bad character” was able to access this and so they took steps to both inform users that may have been affected and to fix the vulnerability. They directly emailed users and gave “specific instructions” to keep their accounts safe.
They say the issue was fixed in the Twitter for Android version 7.93.4 (for KitKat) and 8.18 (for Lollipop and newer) that was released back in November and October respectively. So users are of course advised to update their Android app to the latest version even if they were not informed that their accounts were vulnerable. And as an added safety guarantee, you should probably change your password.
This kind of vulnerability, while “complicated” is still pretty scary, especially since we know there are a lot of bad characters out there that would exploit this for monetary gain or even just because they can. It doesn’t help some people’s paranoia that all our information out there on the Internet is always vulnerable. So constantly make sure your passwords are always updated and not stupidly easy to hack.
