Twitter experienced a new security vulnerability that exposed the direct messages of users who access the service using Android devices.
The vulnerability exposed the private data of Twitter users running devices with Android OS versions 8 and 9.
This vulnerability could allow an attacker, through a malicious app installed on the device, to access private Twitter data on people's devices by working around the Android system permissions that protect against this.
Source: https://www.cnbc.com/2020/08/05/twitter-android-users-direct-messages-may-have-been-exposed.html
TPRM report: https://scoringcyber.rankiteo.com/company/twitter
"id": "twi232926123",
"linkid": "twitter",
"type": "Vulnerability",
"date": "08/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Twitter',
                        'type': 'Social Media Platform'}],
 'attack_vector': 'Malicious App',
 'data_breach': {'type_of_data_compromised': 'Direct Messages'},
 'description': 'Twitter experienced a new security vulnerability that exposed '
                'the direct messages of users who access the service using '
                'Android devices. The vulnerability exposed the private data '
                'of Twitter users running devices with Android OS versions 8 '
                'and 9. This vulnerability could allow an attacker, through a '
                'malicious app installed on the device, to access private '
                "Twitter data on people's device by working around Android "
                'system permissions that protect against this.',
 'impact': {'data_compromised': 'Direct Messages',
            'systems_affected': 'Android devices with OS versions 8 and 9'},
 'motivation': 'Data Theft',
 'title': 'Twitter Android Direct Message Vulnerability',
 'type': 'Vulnerability',
 'vulnerability_exploited': 'Android system permissions bypass'}