Researchers Discover 3,207 Mobile Apps That Reveal Twitter API Keys

Share post:

Researchers from cybersecurity firm CloudSEK have uncovered about 3,207 mobile apps that reveal Twitter API keys, which is dangerous because it could allow attackers to gain unauthorized access to accounts associated with those keys.

To gain access to the Twitter API, secret keys and access tokens must be generated. These keys act as usernames and passwords for the apps and also as the users on whose behalf the API requests are made.

One of the dangerous consequences of these keys in the hands of a threat actor is the fact that they can be used to create a bot army that could potentially be used to spread misinformation on the social media platform.

In a hypothetical scenario, the API keys and tokens extracted from the mobile apps can be embedded in a program to conduct large-scale malware campaigns through verified accounts to target their followers.

The key leak is not limited to Twitter APIs.

In order to mitigate attacks from exposed API keys, it is important to check the code for directly hard-coded API keys. It is also important that keys are rotated periodically, as this will help to reduce the probable risks from a leak.

The sources for this piece include an article in TheHackerNews.

SUBSCRIBE NOW

Related articles

Hamilton Estimates $52 Million to Rebuild IT Systems After Ransomware Attack

The city of Hamilton plans to spend $52 million over the next three years to rebuild and secure...

Avery Data Breach: Credit Card Skimmer Affects Over 61,000 Customers

Label maker Avery has disclosed a data breach affecting 61,193 customers, caused by a credit card skimmer that...

Scammed Company Ordered to Pay $190k for Fraudulent Invoice Payment

A hacker gained access to Mobius Group’s email system and sent instructions from a legitimate email address, directing...

Sneaky 2FA: A Sophisticated Attack Defeats Both 2FA and Phishing Protections

A new phishing kit, ominously named "Sneaky 2FA," has emerged, targeting Microsoft 365 users by bypassing two-factor authentication...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways