Twitter is urging users of its Android app to update to the latest version, which it says fixes a vulnerability that could have allowed an attacker to hijack accounts.
The social media company said in a blog post the vulnerability "could allow a bad actor to see nonpublic account information or to control your account".
"Prior to the fix, through a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app, it may have been possible for a bad actor to access information (e.g. direct messages, protected tweets, location information) from the app," it said.
“We don’t have evidence that malicious code was inserted into the app or that this vulnerability was exploited, but we can’t be completely sure so we are taking extra caution,” Twitter said.
“We have taken steps to fix this issue and are directly notifying people who could have been exposed to this vulnerability either through the Twitter app or by email with specific instructions to keep them safe.
“These instructions vary based on what versions of Android and Twitter for Android people are using.
“We recommend that people follow these instructions as soon as possible.”
The company provided more details of fixes via support accounts on the platform itself.
“To provide more detail, this issue was fixed in Twitter for Android version 7.93.4 (released Nov. 4, 2019 for KitKat) as well as version 8.18 (released Oct. 21, 2019 for Lollipop and newer),” it said.
“Twitter for Android is no longer supported on Android OS versions older than KitKat.”
The vulnerability did not impact the iOS app.