Facebook and Twitter both announced this week that the personal data of thousands of users may have been compromised in a recent breach involving malicious mobile software development kits (SDK). 

Twitter hasn’t shared any figures yet. Facebook, on the other hand, confirmed that thousands of users were affected. In addition, the company said they’ll be notifying more than 9 million users of the breach.

Information breach: What happened?

Twitter

The social media giant recently received a report about a malicious SDK maintained oneAudience. According to Twitter, it issue is not due to a vulnerability in Twitter’s software.

The vulnerability was traced back to oneAudience and its lack of isolation between SDKs within third party applications. A spokesperson for Twitter explains:

Twitter informed both Google and Apple about the malicious SDK and will be notifying Twitters users in due course. Twitter advises to delete any third party apps you may have installed recently:

Facebook

Facebook said in a statement to CNBC that two “bad actors” were identified on their platform, namely oneAudience and Mobiburn. According to the spokesperson, these companies were paying developers to use malicious SDKs.

Facebook also confirmed to Engadget that they’ll be informing more than 9.5m Facebook users that their personal data may have potentially been breached.

Facebook echoed Twitter’s warning about installing and using third-party apps: “We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts.”

Mobiburn and oneAudience respond

Mobiburn addressed the vulnerability:

oneAudience released a statement saying it will be shutting down its SKD with immediate effect. The company claims it was never their intention to collect data:

Also read – Safety tips for parents with teens on Facebook and Instagram