"Facebook and Twitter Warn of Malicious SDK Harvesting Personal Data From its Accounts"
Researchers discovered that some third-party apps on Facebook and Twitter have quietly scraped personal information from people's accounts without their consent. Some third-party iOS and Android apps use "malicious" software development kits (SDKs). The "malicious" SDKs were designed to display ads. Experts noticed that once users of the social networks were logged into either service using one of these applications, the SDKs then silently accessed their profiles to collect information. The apps that includes the SDK code can collect user names, email addresses, and tweets via unspecified Android apps. Twitter and Facebook reported the incident to Google, Apple, and other industry partners, to have them take action to block the malicious SDK and apps that include its code.