Earlier today, Twitter sent an email to all Twitter for Android users confirming that the company had fixed a serious vulnerability in its Android app, through which hackers may have obtained some user account information. In a detailed blog post, Twitter said it had found no direct evidence that the data had been used, or that information had been disclosed or sold on the dark web or through other sources.
But as a precaution, Twitter has advised users, via email and the mobile app, to change their passwords as soon as possible to keep their accounts secure. The company also posted instructions and app updates for users.
The e-mail reads:
We recently fixed a vulnerability that exists in the Android-side Twitter app that allows bad actors to see nonpublic account information or control your account (i.e., send tweets or direct messages). Before it was fixed, by inserting malicious code into complex processes such as the restricted storage area of the Twitter application, a bad actor may have had access to information from the Twitter application (e.g., direct messages, protected tweets, location information).
We have no evidence that malicious code has been inserted into the application or exploited, but we can’t be 100% sure at this time, so we need to be extra careful.