Security alert: Twitter flaw lets hackers hijack your account on Android

Twitter on a smartphone with the Twitter logo in the background.
(Image credit: Christian Bertrand/Shutterstock)

Do you use the Twitter app on an Android device? If so, then you'd better update to the most recent version of the app, released Dec. 17, because otherwise a miscreant might be able "to see nonpublic account information or to control your account (i.e., send Tweets or Direct Messages)".

That information comes straight from the official Twitter privacy blog, and was announced via an official tweet this morning (Dec. 20). The iOS Twitter app is unaffected.

"Prior to the fix [on Dec. 17], through a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app, it may have been possible for a bad actor to access information (e.g., Direct Messages, protected Tweets, location information) from the app," said the blog post. 

"We don't have evidence that malicious code was inserted into the app or that this vulnerability was exploited, but we can't be completely sure so we are taking extra caution."

Twitter said it was "directly notifying people who could have been exposed to this vulnerability" via email, or via Twitter itself, "with specific instructions to keep them safe". 

To make sure you're up to date, go into the Play Store app on your phone and check for updates. If there aren't any, search for Twitter and tap its icon when you get a result. 

You'll be taken to the Twitter entry in the Play Store app, and high up on that page, right under "What's new", will be the date the app was last updated. It should say "Dec. 17, 2019".

"If you're unable to update your app, use twitter.com," the official Twitter Support account said.

Twitter invites anyone who has questions to fill out a Data Protection Inquiry Form.