Twitter is facing a massive API key leak, causing security concerns


According to Bleeping Computer, 3,207 mobile apps now expose Twitter API keys. These keys can allow hackers to hijack user accounts.

Twitter is making headlines these days because of its ongoing conflict with Elon Musk over the takeover of the company. But the social media platform also faces a major security threat amid the trial. According to the report, the cybersecurity firm CloudSEK found that 3,207 apps exposed the actual user key and user secret for the Twitter API.

When a developer wants to integrate their app with Twitter, they get special authentication keys or tokens. This opens the way for the app to interact with the Twitter API. Then, whenever the user connects their Twitter account to the developer’s app, the keys also allow the app to act on the user’s behalf.

Twitter API keys leaked due to developer bug

According to CloudSEK, the apps' developers made a big mistake by embedding their Twitter API authentication keys in their apps. They also forgot to remove them before the apps were released.
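As an added illustration (not code from CloudSEK, Bleeping Computer or any affected app), here is a pre-release check a developer could run over their own app's resource and source files to catch credentials left embedded before publishing. The file names, identifier names, key values and the entropy threshold are constructed assumptions.

```python
import math
import re
from collections import Counter

# Assumption: credential-like values are long alphanumeric strings stored under
# names containing "key", "secret" or "token". All samples below are constructed.
NAME_HINT = re.compile(r"(key|secret|token)", re.I)
XML_STRING = re.compile(r'<string\s+name="([^"]+)"\s*>([^<]*)</string>')
JAVA_CONST = re.compile(r'String\s+(\w+)\s*=\s*"([^"]*)"')
CANDIDATE = re.compile(r"^[A-Za-z0-9_\-]{20,}$")

def shannon_entropy(value: str) -> float:
    """Bits per character; random credentials score high, placeholders low."""
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def scan_text(path: str, text: str, min_entropy: float = 3.5):
    """Return (path, line_no, name) for each suspicious hard-coded value."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for pattern in (XML_STRING, JAVA_CONST):
            for name, value in pattern.findall(line):
                if (NAME_HINT.search(name) and CANDIDATE.match(value)
                        and shannon_entropy(value) >= min_entropy):
                    # Report the name only; never echo the secret into CI logs.
                    findings.append((path, line_no, name))
    return findings

# Constructed sample inputs (all values are fake).
SAMPLE_FILES = {
    "res/values/strings.xml": """<resources>
  <string name="app_name">Event Companion</string>
  <string name="twitter_consumer_key">q7Xb2LmP9sVt4KzR8cWd1YhN5</string>
  <string name="twitter_consumer_secret">Zk3Pq8Lm2Xv7Bn4Rt9Wc1Hy6Df5Gj0SaUe3Io8Pl2Mn7Bv4CxQ</string>
  <string name="maps_api_key">REPLACE_ME_REPLACE_ME_REPLACE_ME</string>
</resources>""",
    "BuildConfig.java": 'public static final String API_TOKEN = "aaaaaaaaaaaaaaaaaaaaaaaaaaaa";\n'
                        'public static final String VERSION_NAME = "1.4.2";',
}

def scan_files(files):
    """Scan a {path: text} mapping and collect all findings in order."""
    return [f for path, text in files.items() for f in scan_text(path, text)]

if __name__ == "__main__":
    for path, line_no, name in scan_files(SAMPLE_FILES):
        print(f"{path}:{line_no}: hard-coded credential in '{name}'")
```

A finding here means the value ships inside the released package; removing it from the code is not enough, the exposed key also has to be regenerated.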

CloudSEK says attackers who take over an account can do almost anything with it, including reading direct messages, liking and retweeting tweets, creating or deleting tweets, removing or adding followers, changing account settings, or changing account images.

The cybersecurity firm also warns that account hijackers could create an army of verified Twitter accounts to promote fake news, malware campaigns, cryptocurrency scams, and more.

Bleeping Computer says it has a full list of the affected apps, which have between 50,000 and 5,000,000 downloads. The applications range from in-car satellites and radio tuners to book readers, event recorders, newspapers, e-banking apps, bike GPS apps, and more.

Most of the affected apps claim that they did not receive CloudSEK's messages, and most of them still haven't addressed the issues. The source did not disclose the names of the applications. However, it says that Ford Motors was the only company that responded quickly and fixed the problems in the “Ford Events” app.