Facebook and Twitter do the double and both suffer a user data exposure

THERE IS RARELY a week that goes by without Facebook user data getting exposed, though this time the social network is in good company with the data of Twitter users also getting spilt.

Both the social media firms revealed that user data may have been improperly accessed after users used their accounts to log in to certain Android apps.

Apparently, they were alerted by a security researcher to a malicious software development kit called One Audience that gave third parties access to personal user data, such as usernames, addresses, and recent tweets.

As such, this is not a data leak that falls directly on the shoulders of either Facebook or Twitter, with the latter noting the exposure was down to a "lack of isolation" between the SDKs in affected applications.

"Our security team has determined that the malicious SDK, which could be embedded within a mobile application, could potentially exploit a vulnerability in the mobile ecosystem to allow personal information (email, username, last Tweet) to be accessed and taken using the malicious SDK," said Twitter.

"While we have no evidence to suggest that this was used to take control of a Twitter account, it is possible that a person could do so."

Facebook noted that One Audience, along with another SDK called Mobiburn, had been paying developers to bury the malicious software in their apps.

"After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn," said Facebook.

"We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender."

As for the leaked data, that's down to the permissions the apps affected by the malicious SDKs had been granted.

While One Audience seems to have kept tight-lipped on its role in the data leaking, Mobiburn was a bit more vocal.

"Mobiburn only facilitates the process by introducing mobile application developers to the data monetisation companies," Mobiburn said. "This notwithstanding, Mobiburn stopped all its activities until our investigation on third parties is finalised." Hmm, something about no smoke without fire...

Given Facebook and Twitter are under increased scrutiny over their collection and use of data, this will come as another blow to trust in such platforms, even though they appear not to be to blame this time.

Perhaps we should return to simple times when to give someone a 'like', you'd have a roll around with them in the hay, or posting pictures of your lunch involved a sketchbook and some crayons. µ