Connect with us

Hi, what are you looking for?


Data Protection

Twitter, Facebook User Data Improperly Accessed via Malicious SDKs

Twitter and Facebook this week took action against malicious mobile software development kits (SDKs) that were used to improperly access user data.

Twitter and Facebook this week took action against malicious mobile software development kits (SDKs) that were used to improperly access user data.

Both companies have confirmed that, upon receiving reports of the malicious tools, they conducted their own investigations and concluded that the SDKs were indeed malicious. Users who downloaded and installed applications that employ these kits have been impacted.

In a blog post on Monday, Twitter revealed that the malicious SDK that affected some of its users came from oneAudience. The kit could be used to access user data and possibly take over accounts, but the platform says it has no evidence that the latter has occurred.

“We have evidence that this SDK was used to access people’s personal data for at least some Twitter account holders using Android, however, we have no evidence that the iOS version of this malicious SDK targeted people who use Twitter for iOS,” Twitter announced.

The social platform says it will inform potentially impacted Android users and suggested that users should not only delete third-party apps that might be malicious, but also review and revoke permissions granted to those apps.

Facebook confirmed that two malicious kits were used to target the information of its users: the oneAudience and Mobiburn SDKs. The company has already removed the apps employing these tools and issued cease and desist letters against the offending platforms.

“Security researchers recently notified us about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores. After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn,” a Facebook spokesperson said in an emailed statement.

Advertisement. Scroll to continue reading.

“We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts,” the spokesperson added.

On its website, MobiBurn has posted a note claiming that it does not collect, share, or modify data from Facebook.

“MobiBurn primarily acts as an intermediary in the data business with its bundle, i.e., a collection of SDKs developed by third-party data monetisation companies. MobiBurn has no access to any data collected by mobile application developers nor does MobiBurn process or store such data. MobiBurn only facilitates the process by introducing mobile application developers to the data monetisation companies,” the company says.

Both Google and Apple have been informed about the findings, and they could take further action against applications using the malicious SDKs.

Related: Facebook: Third-Party App Developers Improperly Accessed User Information

Related: Twitter Admits Phone Numbers Meant for Security Used for Ads

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.