Twitter security bug on Android left some private messages exposed

Twitter has disclosed the discovery of a security bug that impacted only a small percentage of users, according to a brief note detailing the matter. According to the company, it has already fixed the bug, as expected, one that potentially left some private messages exposed to malicious actors who may have been aware of how to exploit the security issue. Twitter says this bug was related to a larger Android security issue that impacted older versions of the mobile OS.

According to Twitter, the vulnerability only impacted around 4-percent of Android users, the 4-percent who have failed to install a security patch that protects against an old Android OS 8/9 security issue. Without that patch, the Twitter app's vulnerability made it possible for a hacker to access DMs and other private Twitter account details using a malicious app installed on the user's phone.

Now, it's not all bad news — Twitter says that it doesn't have any evidence that this vulnerability was actually exploited by any malicious actors. However, it does highlight the importance of installing Android security updates and upgrading to newer phones once your aging phone loses support for these vital patches.

It is important to note that Twitter can't be entirely sure whether anyone actually did exploit this issue, though, meaning users need to take steps to keep themselves safe. Assuming you're one of those 4-percent of users who failed to install the Android security patch, you should make sure that you update the Twitter app to benefit from the vulnerability fix.

Vulnerable users will receive in-app alerts about the vulnerability; they'll also be required to update Twitter in order to keep using it. The updated Twitter app for Android ensures that other apps aren't able to access its data — this was achieved by adding 'extra safety precautions' that exceed what is offered by Android itself, according to the company.