A flaw in the Twitter app for Android affects the “Protect your Tweets” option in the account's “Privacy and safety” settings, which makes a user's posts visible only to approved followers.
People who used the Twitter app for Android may have had the protected tweets setting disabled after making certain changes to their account settings, for example after changing the email address associated with the profile.
“We’ve become aware of an issue in Twitter for Android that disabled the ‘Protect your Tweets’ setting if certain account changes were made,” reads the security advisory published by the company.
“You may have been impacted by this issue if you had protected Tweets turned on in your settings, used Twitter for Android, and made certain changes to account settings such as changing the email address associated with your account between November 3, 2014, and January 14, 2019.”
The vulnerability was introduced on November 3, 2014 and was fixed on January 14, 2019. Users of the iOS app or the web version were not affected.
Twitter notified the affected users and turned “Protect your Tweets” back on where it had been disabled.
“We are providing this broader notice through the Twitter Help Center since we can’t confirm every account that may have been impacted. We encourage you to review your privacy settings to ensure that your ‘Protect your Tweets’ setting reflects your preferences,” continues the advisory.
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d – a feed that compiles phishing and malware campaigns targeting Portuguese citizens.