Facebook and Twitter Users' Data Exposed Due To Third-Party SDK Bug

Facebook and Twitter announced on Monday that the companies were notified about malicious software development kits (SDKs) that allowed certain apps to collect users' data from the apps without their permission. Paul Thurrott reports: The main culprits here are One Audience and Mobiburn, developers of the malicious SDKs that apparently paid developers to use the SDKs and secretly collect users data. Twitter noted that the issue isn't due to a vulnerability in its software. The breach was caused by "the lack of isolation between SDKs within an application," according to the company. The company also said that the malicious SDKs could allow apps to access personal information like your email, username, and your last tweet without your permission. "We have evidence that this SDK was used to access people's personal data for at least some Twitter account holders using Android, however, we have no evidence that the iOS version of this malicious SDK targeted people who use Twitter for iOS," the company said. The two social networks said that they will notify the affected users about the breach.

Newsflash

[richi]

Newsflash: My Twitter username and my last tweet are not private information.

Re:Newsflash

[geekmux]

Newsflash: My Twitter username and my last tweet are not private information.

Ironically that doesn't seem to matter anymore. Reminds me of a social media experiment where a guy approached strangers and started telling them all kinds of personal information about themselves, which of course was openly gleamed off their public social media accounts.

He was accused of violating their privacy, with a "victim" even threatening to call the police.

Social media attention whores share every detail of their lives with the entire fucking planet, and then get offended when you find it. Pretty much sums up that stupidity.

Shouldn't have informed the users

[gnasher719]

Should have informed Apple for example, so they can remove the offending apps from the App Store, block them, and close the developers' accounts, so the developers can sue the makers of the SDK for damages.

This kind of shit only stops if it has severe negative financial consequences.

Feature. Not bug.

[Way Smarter Than You]

Making a call to a documented API named, "StealAllUserInfo()" was in the earliest alpha release and was the first publicly exposed API made available by Zuckerberg and Twitter. For those of you saying this is all public info... your email address is not publicly associated with your username under normal circumstances unless you expose it.

Yes.... bug

[bazmail]

Has there ever been a bug that actually benefited user privacy? All of these "bugs" seem to make more money for the companies involved. Strange.

Re:

[gnasher719]

Has there ever been a bug that actually benefited user privacy?

First off, what we have here is not a bug. The SDK _intentionally_ steals your information. Any _bugs_ in the SDK that would prevent it from stealing information would benefit user privacy.

Many bugs benefit user privacy because infringing on your privacy doesn't work because of the bug. That kind of bug gets fixed. And because it didn't infringe on your privacy, nobody reports about it.

And most privacy violating bugs do _not_ make money for the companies. They don't make money by leaking your credit c

Re:

[thomn8r]

The other type of serious bug, that gets fixed ASAP, is the one that leaks the information but bypasses the Facebook/Twitter/Google Accounts Receivable department.

As opposed to what?

[BAReFO0t]

As far as I know, that is Facebook's entire crime sch... err, 'business model'.

Or is it because they leech no money that way?