Twitter’s posted a statement on its Privacy blog, notifying of the discovery of a security vulnerability in its Android app. It offered the possibility to allow a bad actor control over your profile (including sending tweets and DMs) and access to otherwise non-public information if they were to insert malicious code into restricted storage areas of the Twitter app.
Twitter says it has no evidence whether anyone’s actually exploited the vulnerability but is taking the necessary measures. Based on the specific version of Android and the Twitter app, people who could have been exposed are being contacted with instructions on how to proceed via email or inside the app. Updating to the latest version of Twitter for Android is always a safe bet, as well.
Twitter for iOS, meanwhile, wasn’t affected.