Facebook and Twitter announced Monday that an app store bug allowed hundreds of users’ personal data to be accessed by third-party developers of some applications downloaded from the Google Play store.
While the companies did not directly expose user information, they said a bug in a development software managed by One Audience allowed the breach. It gave outside developers access to users’ personal information including email addresses, usernames and shared content.
“While we have no evidence to suggest that this was used to take control of a Twitter account, it is possible that a person could do so,” Twitter wrote on a blog post about the matter.
Facebook and Twitter reported the finding in their statements, saying they were aware hundreds of people were affected and that they planned to notify those concerned that their data may have been accessed without their explicit consent.
Personal data may have been accessed after users used their Facebook or Twitter account to sign up for applications created by One Audience downloaded from the Google Play store.
Although both social media companies avoided mentioning specific applications, US media pointed out that at least two could be photo editing programs Giant Square and Photofy.
“After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn,” Facebook wrote Monday in a statement.