Have you also tried logging in to your Facebook or Twitter accounts to log-in to other apps on your smartphone? Like most of us, we really do not mind it. We just type in our log-in details, link the third-party apps then you are good to go.
Unfortunately, there are many shady developers and we have just submitted ourselves to them. These developers can then have access to our personal details. Facebook and Twitter have since then released a warning to its users.
Shady developers steal personal information through Twitter log-ins
On Monday, the microblogging social media, Twitter published a notice on its website, saying that some third-party developers may have used a software development kit to steal personal information to users. The software is called oneAudience can obtain users’ email, username, and last tweet.
These set information will then be sent to the company that made the tool. In the same news, Facebook says it too has fallen victim to the oneAudience scam. The social media plans to issue the same notice to its users later today.
According to Twitter, the vulnerability is not within Twitter itself, “but rather the lack of isolation between SDKs within an application.” The company also adds that it does not have evidence that someone exploited the issue to take control of anyone’s account. But the company does warn us of that possibility.
Also, Twitter says that is has contacted both Google and Apple to confide in the issue. But notes say it does not have any evidence to suggest any iOS users have had their information stolen.
Additionally, Twitter ended the note by saying it plans to contact anyone who has been affected by the issue. “There is nothing for you to do at this time, but if you think you may have downloaded a malicious application from a third-party app store, we recommend you delete it immediately,” the company says.
Facebook has also been affected by the oneAudience software
A spokesperson from Facebook told Endgadget that it has taken away log-in access from any apps that violated its policies. The social media site has also issued a cease and desist letters to oneAudience and Mobiburn (another SDK that offers similar functionality to oneAudience).
Facebook went on to say that apps that used oneAudience and Mobiburn could have shared information like email, name, and gender with the companies that created this software. The social media site plans on notifying its 9.5 million users and to inform them that their data has potentially been compromised.
Always be cautious…
No matter how secure we think our accounts are and how often these companies update their social media sites for security, it will still be open to vulnerabilities. Although this is not as big as last year’s Cambridge Analytica data abuse, it still is potential exposure to users’ data that loses faith people have in these sites on their ability to keep our information safe and secure.
This goes to show that users should not blindly use Facebook or Twitter accounts to log-in for other third-party apps and services. Unless you know exactly what you have gotten yourself into then, by all means, go ahead.