Personal information from “hundreds” of Facebook and Twitter accounts may have been exposed to unauthorised access, CNBC reports.
Security researches provided a report to the companies in which it revealed that the software development kit One Audience permitted access to personal data used to log into apps downloaded from the Google Play Store.
The exposed information includes usernames and email addresses, in addition to recent tweets from users of the Giant Square and Photofy app on Android devices.
There are no signs that the bug impacts iOS users.
The vulnerability was confirmed by Twitter, while Facebook also acknowledged the bug.
“After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn,” Facebook said.
Twitter account access
Twitter further noted that it may have been possible for unauthorised persons to access the Twitter account of an exposed user, although no such cases have been reported.
“We think it’s important for people to be aware that this exists out there and that they review the apps that they use to connect to their accounts,” said Twitter.
Both Twitter and Facebook have stated that they will notify affected users, while the former has said it has reported the vulnerability to Google and Apple.