Microblogging website Twitter, on December 21, admitted that a malicious code was inserted into its mobile-app that may have compromised some user’s information. The privacy breach is said to have taken place worldwide, including India.
“We don’t have evidence that malicious code was inserted into the app or that this vulnerability was exploited, but we can’t be completely sure so we are taking extra caution,” Twitter said, in a blog post.
Twitter has also dropped in an email to the users urging them to update the android application. The company noted that the potentially malicious code does not affect Apple’s operating system, iOS.
The email read “ We recently fixed an issue that could have compromised your [users] account. Although we [Twitter] don’t have evidence that this was exploited, we can’t confirm so we are letting you know.”
In the blog post, Twitter specified that the malicious code allowed hackers to access non-public information — direct messages and locations — and control users’ accounts. The hackers could easily Tweet or send direct messages to other users.
In the apology mail, Twitter also provided a link to the users to reach out to Twitter’s Data Protection Office and raise queries and request more information regarding the individual’s account security.
Twitter’s update comes two days after Google had issued a warning to Indian users asking them to change their passwords as a bug, Chrome 79, on the website might have exposed their passwords. The global tech giant Google notified the users through pop-up alerts on laptops, desktops and mobile screens.
Last month, a cybersecurity researcher Avinash Jain revealed that the Indian government’s health portal, Online Registration System (ORS) compromised the privacy of two million patients, last year. He noted that the flaw in the ORS website allowed users to access patient details — name, address, age, mobile number, appointments, Unique Health Identification (UHID), partial Aadhaar numbers, and disease details.
Apart from this, even online caller-identification platform Truecaller have been vulnerable to data breaches this year.