3,200 Mobile Apps Leaking Twitter API Keys

Researchers at CloudSEK have uncovered 3,207 apps, leaking Twitter API keys, that can be utilized to gain access to or to take over Twitter accounts. These apps were leaking legitimate Consumer Key and Consumer Secret information, Singapore-based cybersecurity firm CloudSEK said in a report.

Researchers inspecting the mobile apps observed that:

5,603 companies were leaking Twitter API Keys/Tokens
5,033 companies were leaking the Twitter Secrets/Token Secret only
4,810 companies were leaking both the Twitter API Keys/Tokens and the Twitter Secrets/Token Secrets

Out of 3,207 apps, 230 were leaking all 4 Auth Creds. 39 of the apps had all 4 keys as valid. The Twitter accounts of these apps could be taken over to perform any critical/sensitive actions such as read DMs, Retweet, Like, Delete, remove followers, follow any account, get account settings, change DP, etc.

About the Author

ISBuzz Team

The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.

500,000 Affected in Columbus Data Breach, Followed by Lawsuit Against Security Researcher

Advanced Variant of FakeCall Malware Targets Mobile Users with Sophisticated Vishing Attacks

Microsoft Warns of Major Credential Theft by Chinese Hackers Via Covert Network Attacks

Working With Us

Write For Us

The Pages

3,200 Mobile Apps Leaking Twitter API Keys – Expert Comments