Over 3,200 Apps Leak Twitter API Keys, Some Allowing Account Hijacks

By ISBuzz Team
Writer, Information Security Buzz | Aug 03, 2022 02:26 am PST

It has been reported that cybersecurity researchers have uncovered a set of 3,207 mobile apps that are exposing Twitter API keys to the public, potentially enabling a threat actor to take over users’ Twitter accounts that are associated with the app. The discovery belongs to CloudSEK, which scrutinized large app sets for potential data leaks and found 3,207 leaking a valid Consumer Key and Consumer Secret for the Twitter API. CloudSEK explains that the leak of API keys is commonly the result of mistakes by app developers who embed their Twitter API authentication keys in the app but forget to remove them when the mobile app is released. According to the research, the leaked keys could be abused to perform a range of sensitive actions, including: reading direct messages; retweeting; liking; deleting; removing followers; following accounts; and changing display pictures.