Twitter Fixes Bug that Enabled Takeover of Android App Accounts

Twitter for Android users are urged to update their app to fend off a security bug that allows hackers to access private account data and control accounts to send tweets and direct messages.

Twitter for Android users are being urged to update their app to avoid a security bug that allows a malicious user to access private account data and could also allow an attacker to take control of accounts to send tweets and direct messages. The warning comes from Twitter who said there are no indications the flaw was exploited and that the fix requires a simple app update.

The company said impacted Twitter users will be contacted via email or via Twitter itself if they are vulnerable to attack. Some users impacted by the bug were sent a message that read: “Please update to the latest version of Twitter for Android as soon as possible to make sure your account is secure.”

In a post late last week, Twitter said to exploit the flaw a hacker must first insert malicious code into a restricted storage areas of the Twitter app. The company did not disclose any further technical details of the hack.

According to Twitter Support, the bug impacts older versions of Android and that versions 7.93.4 (KitKat – released Nov. 4, 2019) and version 8.18 (Lollipop – released Oct. 21, 2019) and after have already been updated with the fix. According to the Google Play download page for Twitter for Android the app was last updated Dec. 17, 2019.

Twitter also reminded users that it does not support Twitter for Android running on versions of Android older than KitKat, released October 31, 2013.

“If you’re unable to update your app, use https://twitter.com. We’re sorry about this and we’ll continue working to keep your information secure on Twitter,” Twitter Support wrote via Twitter.

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.