Facebook has reported finding more than 400 malicious Android and iOS apps intended to copy Facebook login credentials from users who run these apps. Facebook contacted Apple and Google regarding these apps found in their app stores. A list of the apps may be found here.
Twitter revealed that an earlier security vulnerability that allowed someone to enter a phone number or email address to verify if that information was tied to an existing Twitter account. The Twitter user account name was returned if a match was found. Twitter fixed this issue and is in the process of contacting only those users that were affected by this incident.