Twitter urges Android users to update after breach gives hackers access to private messages

Attackers could work 'around Android system permissions' to get access to private information

Adam Smith
Thursday 06 August 2020 09:24 BST

Twitter has urged all Android users to update to the latest version of its app due to a security issue that could allow people access to users' direct messages.

In a blog post, Twitter said that attackers could work “around Android system permissions” to gain access to a user's account.

This only affects Android OS 8 and 9 – known as Android Oreo and Android Pie, respectively. The current Android operating system is Android 10, with Android 11 launching imminently.

This is seemingly by using external apps which could access Twitter in-app data by adding extra safety precautions beyond those that are standard in the operating system.

Twitter has said the new update will now forbid such practices.

Twitter also says it has no evidence that this vulnerability was exploited by hackers – 96 percent of people using Twitter for Android already have the security patch that protects their app from this attack, it said.

Nevertheless, the four percent who do not will need to update. Twitter has sent in-app notifications to everyone who could be using a vulnerable device.

The company says it is “identifying changes to our processes to better guard against issues like this” too.

This news comes as Twitter is reeling from one of the most dangerous hacks in its history, as the accounts of many prominent figures including Bill Gates, Joe Biden, Kanye West, Jeff Bezos and others were hacked to promote a Bitcoin cryptocurrency scam.

Three people, including a 19-year-old from Britain, another teenager from Florida, and a 22-year-old, have been charged with the hack.

Twitter claims that a “phone spear phishing attack” was used to gain access to Twitter employees' information, which could then be used to target higher-profile employees.

This contradicts previous reporting, apparently based on speaking to the hackers at the time on the condition of anonymity, which suggests the hackers paid a Twitter employee for access to internal tools. Twitter declined to comment.
