Third-Party Apps Improperly Access Personal Data from Hundreds of Twitter and Facebook Accounts


Date: 26 – November – 2019


Yesterday, Facebook and Twitter announced that the personal data of hundreds of their users may have been improperly accessed by third-party apps. Security researchers had alerted the companies that the “One Audience” Software Developer Kit (SDK) gave developers access to users' data such as usernames, email and recent activity such as their latest tweets.


Twitter said it has evidence that this malicious SDK was used to access the data of users with Android devices, and that it has no evidence that the SDK was used to access people's data on iOS devices.


Twitter will notify the affected users directly and has already informed Google and Apple about the malicious SDK.


In the case of Facebook, according to CNBC, a spokesperson said that “Security researchers recently notified us about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores…” and that “we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn…”, and that they will notify the affected users.


In a statement, Mobiburn said that they only facilitate the process by introducing mobile application developers to the data monetization companies and that they do not collect, share or monetize data from Facebook.