If you’ve ever used the Twitter app on an Android device before, you might have received an email over the weekend informing you that “an issue that could have compromised your account” has been fixed. The email that showed up in my inbox suggested that there isn’t any evidence that my account specifically was compromised, but recommended that I update to the latest version of Twitter for Android as soon as possible to be safe.
The email directed me to a post on the Twitter Privacy Center where the company goes into slightly more detail about the vulnerability, though the explanation is rather vague, perhaps to protect those who haven’t updated:
> We recently fixed a vulnerability within Twitter for Android that could allow a bad actor to see nonpublic account information or to control your account (i.e., send Tweets or DMs). Prior to the fix, through a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app, it may have been possible for a bad actor to access information (e.g., DMs, protected Tweets, location information) from the app.
The company then goes on to clarify two very important points:
- There’s no evidence malicious code was inserted into the Twitter app or that this vulnerability was ever exploited.
- Instructions in the email sent out to those who were potentially affected “vary based on what versions of Android and Twitter for Android people are using.”
Regarding that second point, it sounds like not every email looks exactly like the one I received. But regardless of which email you got, or if you even got one at all, if you use the Twitter app on an Android device, you should head to the Play Store ASAP and ensure that you have the latest version of the app installed.