On December 20, 2019, users of the Andriod version of the Twitter app may have received an email from Twitter informing them of a recently fixed issue that ‘could have compromised their account’. If you use Twitter, should you be concerned?
Twitter’s announcement suggests that they recently ‘fixed a vulnerability within Twitter for Android that could allow a bad actor to see nonpublic account information or to control your account’.
What this means in simple terms according to Twitter is that the identified issue could have allowed ‘a bad actor to access information such as Direct Messages, protected Tweets and location information from the app’.
Apple iOS users seem to have been exempt from this latest security issue.
Security advisories like these from major social media platforms are not uncommon.
Such announcements could indicate that major social media platforms like Twitter are conscious of their responsibilities under privacy regulations such as the General Data Protection Regulations (GDPR) for more timely privacy-related breach reporting. That’s a good thing for us all.
So, should you be concerned about the email from Twitter?
Users that have updated to the latest version of Twitter for Android should already be a step ahead (according to the announcement).
However, Twitter says that they cannot be ‘completely sure’ that the weakness has not been exploited. Therefore, the most important precaution you can take is to ensure that you are running the latest version of the app.
Take a moment to check and update your Twitter app now.
Whether or not you have the most recent version of Twitter for Andriod running, here are a few more suggestions to improve the overall security of your Twitter account.
#1: Your privacy and security on Twitter is your responsibility
When it comes to social media platforms, we use them based on our own personal risk appetite. Major social media platforms claim to be ‘free’ to use. However, it is widely understood that the price of this ‘freedom’ is the data we give in exchange.
Some folks are comfortable with that, others are not. Balancing privacy and convenience is a judgement call that each of us will have to make at some point.
If you’re uncomfortable with your level of exposure on Twitter (or on any other social media platform for that matter), this might be a good time to review your security and privacy settings.
Twitter has a useful page with some practical advice about securing your account. Take a moment to review your settings and implement their suggestions.
On Android go to > Your profile icon > Settings and Privacy
Twitter’s advice includes ensuring that you use strong passwords, using multi-factor authentication or login verification and being careful of which third-party apps you grant access to your Twitter account.
Avoid using the same password you use on Twitter for other apps and websites.
Ultimately, while Twitter (hopefully) play their part to secure their platform, you share responsibility for protecting your account.
#2: Set up your phone to automatically update your mobile apps
It is easy to miss notifications to update your apps with the latest versions. Why not remove the dependency on your memory and set up your phone to automatically download and update apps. It is, of course, best to do this over a Wi-Fi connection to save your data.
Follow these instructions from Google for updating your Andriod Apps.
Here are similar instructions for your iPhone/iOS.
#3: Be careful when clicking on URLs in general
This advice applies to your email, SMS and social media inboxes. Whether you trust the sender or not, always exercise caution before clicking on any URLs.
When it comes to Twitter feeds, scrolling and randomly clicking on Tweets with links to websites is easy to do. What is less simple is knowing exactly where those links lead to.
Follow the simple rule that if you didn’t request for it, don’t click on it. Preferably open a browser window and manually type in the URL if you need to access it.
Not even Twitter executives are safe so protect yourself!
In 2015, Twitter’s then CFO Anthony Noto had his account hijacked, probably due to some carelessness on his part or whoever manages his account.
In 2019, it was the turn of Twitter CEO, Jack Dorsey to have his own account compromised. In this case, the hijack was from a likely compromise of the mobile phone number associated with his account.
The moral of the story is that even the gatekeepers of the platform get caught out sometimes.
Being careless with your security and privacy on social media platforms can be embarrassing or worse.
Don’t wait until you get an email from Twitter to find out.