Hundreds of Twitter and Facebook users had their personal information accessed or stolen by malicious apps they had downloaded and installed on their smartphones.
Names, usernames, gender and email addresses are thought to be in the hands of app developers who gained access to those accounts after users signed in using their Facebook login credentials.
According to Facebook and Twitter, the breach happened to people who signed in to malicious apps with their Facebook or Twitter account.
You've seen it. Rather than setting up an account with the app, you take the shortcut, giving it access to your social media account.
In a statement, Twitter said it discovered a software developer kit named "One Audience." Facebook said "One Audience" was paying developers to use malicious software in a number of apps available in the Google Play Store that would gather personal information from people who logged in with Facebook or Twitter.
While neither company identified the apps, there are reports that they include the popular "Photofly" and "Giant Square" which have been downloaded hundreds of thousands of times.
The breach is known to affect Android users. iPhones were not susceptible to the breach.
Still, it's a reminder that it's rarely ever a good idea to log into an app using your Facebook or Twitter login credentials. It may take a few minutes longer, but it's always best to set up a new account using an email and password.
It's also a good idea to go into settings on both Facebook and Twitter to see which apps you've given permission to use your social media accounts, and remove those.
Gloss