 "Data breach: Third party apps leak personal information from FB, Twitter")
Malicious applications have leaked personal data of Facebook and Twitter users to third party, according to an advisory issued by cyber security watchdog Cert-In without disclosing the impact on Indian subscribers.
India is among largest market for Facebook and Twitter.
The apps violated Facebook platform policy by installing software in their apps by sending information to two companies-- OneAudience and Mobiburn, the advisory said.
Twitter shared that a software development kit (SDK) developed by OneAudience contains privacy-violating component which may have passed some of its users' personal information like email, username, tweet to OneAudience servers, it added.
"It has been reported that personal data of Facebook and Twitter users were improperly accessed by a pair of malicious SDKs used in certain third-party apps," Cert-in said in the advisory note on November 27.
When contacted Facebook said that security researchers recently notified the company about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores.
"After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn. We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender," Facebook spokesperson said.
Twitter said the breach has not happened due to a vulnerability in Twitter's software, but rather the "lack of isolation between SDKs within an application".
"We have evidence that this SDK was used to access people's personal data for at least some Twitter account holders using Android, however, we have no evidence that the iOS version of this malicious SDK targeted people who use Twitter for iOS," Twitter said in a blogpost.
It further said that the microblogging platform has also informed Google and Apple about the malicious SDK so they can take further action if needed.
"We have also informed other industry partners about this issue," Twitter said.
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app