Twitter and Facebook Confirm Android Breaches

Facebook and Twitter recently announced their concerns of an Android bug accessing users’ personal information via the Google Play Store. These include names, usernames, genders, emails, and tweets.

Security researchers notified Facebook of oneAudience and MobiBurn, who pay developers to use malicious software developer kits in applications. Mobile Software Development Kits could allow third parties to access data beyond what users agreed on.

The larger social media company promised to remove the apps that violated platform policies. They also issued cease and desist letters against the offenders.

Users who shared the apps their profile permissions should anticipate notifications.

The microblogging site said they have no evidence that suggests these developers take control of an account.

Facebook encouraged users to be cautious of which third-party apps can access their social media accounts. Twitter told users to “be aware that this exists,” urging users to review connected apps.

In the same post, the microblogging site said SDK is in apps from the Google Play Store. They claim it could “exploit a vulnerability in the mobile ecosystem” to give third-parties access to personal data.

No evidence suggested impacts on iOS.

Google and Apple found out about the issue and said they would notify users. Meanwhile, users can only delete unused apps and clean their app permissions.

oneAudience, in response, said it would shut down its SDK immediately. They claimed no data was stored and never used.

MobiBurn asserted that it doesn’t collect, share, or monetize any data from Facebook. The marketing company labeled itself as a middleman between third-party monetization companies and app developers.

Until MobiBurn completes its investigation about the issue, the company swore to cease all indoor activities.

Ex-Chuckle Squad Hacker, Arrested

The Chuckle Squad hacked Twitter CEO Jack Dorsey’s account last August to post racist and sexist remarks on his page. One of their alleged members and leaders, arrested on November 25, is a minor.

Said minor uses the name “Debug.” The person was kicked out of the squad somewhere in October.

Debug used to provide celebrity/public figure numbers for hacking.

Chuckle Squad used the account for two hours before the company managed to retrieve Dorsey’s account.

Reports said the hack could be from a SIM swap: hackers bribe an employee of a carrier to switch two numbers. This action can help them intercept a two-factor authentication code and log in to an account.

Twitter Comms said it was a security issue from the mobile provider, not the website itself. The carrier allowed an unauthorized person to compose tweets via text messages.

The group urged users to join a Chuckling Squad Discord server. Consequently, the owner received permanent removal from the VoIP app almost immediately.

Chloe Grace Moretz and other celebrities also recently got hacked. Then, the same squad took responsibility for them.

Both companies have been under pressure these past few months from emerging demands about online security, politics, and the like.

Facebook is still in a lengthy debate with the US government about its cryptocurrency and refusal to fact-check political ads. Meanwhile, Twitter is slowly changing its interface to change its infamous side effects like quoting without context.

The microblogging site recently added features including the most recent “Hide Replies” button. The feature allows users to control when or when not to see replies on their tweets.