News

Thousands of Twitter Accounts at Risk as Hackers Leak API Keys

Researchers discovered 3,207 apps on Monday that were leaking Twitter API keys, which hackers can easily exploit to access and hijack Twitter accounts.

According to a report from CloudSEK, 230 mobile apps were found to be leaking all four Auth Creds, which attackers can use to completely take over Twitter accounts and carry out actions such as reading DMs, retweeting, liking, removing or following accounts, acquiring account settings and changing display picture.

Because Twitter has grown to be such a significant social media platform, CloudSEK researchers said that attackers may use Twitter accounts to spread false information in a way that’s not achievable on most other websites. The researchers were especially worried about how dangers and frauds may be incorporated into these activities by hackers, making them seem legitimate to unwary people.

Mobile apps, online platforms and cloud interfaces are generally at risk from poorly secured APIs. More than 30 third-party APIs are often included in modern mobile apps, which hackers may use to steal data, follow users, transmit malware, and execute specialized attacks.

The majority of cloud security mishaps, however, are caused by cloud users misconfiguring APIs or relying too much on unreliable third-party suppliers, not by security flaws on the CSP’s end. The digital safety and trust of today’s users must be protected with greater vigilance, and companies must demand greater transparency from app developers on the program components that put their employees in danger of cyberattack.

The leaked Twitter API keys are one of the many similar cases that have been reported in the past, in which private API keys were unintentionally disclosed, either in an open source version of the program, in a resource that is accessible to the public, or in mobile apps like in this case.

The main difference between this situation and the majority of the prior ones is that, in the majority of cases, when developers release an API key, the application or vendor faces the most risk; an excellent illustration of this is the exposure of AWS S3 API keys on GitHub. Users are actually at the same risk level as the mobile application in this situation since they allowed it to access their personal Twitter accounts. This results in a lengthy list of potential abuses and attack scenarios that are made public as a result of the API and SaaS domains’ rapid expansion.

Although the end users of Twitter may be greatly impacted by this event, this kind of vulnerability is one of the simplest to guard against. It’s crucial to evaluate the device itself, the network layer, and the back-end server when evaluating a mobile app for security flaws.

If API secrets are not encrypted on the device, it would be like wrapping your ATM card in a Post-It note that has your PIN printed on it. In this case, the consequences are far more serious and may prompt attackers to launch defamation or impersonation operations that they may direct at certain Twitter users.

Sponsored
Techjuice Team

Leave a Comment
Share
Published by
Techjuice Team

Recent Posts

Microsoft Launches AI-Powered “Support Virtual Agent” for Xbox Users

Microsoft has launched its AI-powered “Support Virtual Agent” chatbot for Xbox Insiders in the U.S.,…

8 hours ago

Musk Says Tesla Won’t Enter Smartphone Market Unless Necessary

Android Authority recently polled its users to find out if they would purchase a Tesla…

8 hours ago

Sukkur IBA Sets Seven Conditions for Conducting MDCAT

The Secretary of the Sukkur IBA Testing Agency has formally requested urgent action from the…

9 hours ago

PSEB Opens Bidding for Nationwide e-Rozgar Centers

The Pakistan Software Export Board (PSEB) has launched a nationwide program to encourage IT startups…

9 hours ago

Google Play Services Bug Disrupts Access to Apps for Pixel Users: Here’s How to Fix It

A significant issue with Google Play Services has left many Pixel users unable to access…

9 hours ago

WhatsApp Beta Partners with Google for Innovative Image Search Feature

When it comes to Android messaging apps, WhatsApp stands out as one of the best.…

10 hours ago