
Thousands of Twitter Accounts at Risk as Hackers Leak API Keys

Researchers reported on Monday that 3,207 mobile apps were leaking valid Twitter API keys, which attackers can use with little effort to access and hijack Twitter accounts.

According to a report from CloudSEK, 230 of those apps were leaking all four OAuth credentials (the app's consumer key and consumer secret plus a user's access token and access token secret). With that full set an attacker can take over the associated Twitter account outright: read direct messages, retweet, like, delete tweets, remove followers, follow accounts, retrieve account settings and change the display picture.
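To make concrete what "all four credentials" buys an attacker, here is an added Python example (not code from the CloudSEK report or from this article) that builds and then verifies an OAuth 1.0a HMAC-SHA1 request signature the way Twitter's v1.1 API requires. The four credential values are constructed dummies; the URL is the real v1.1 `statuses/update.json` endpoint, but nothing is sent over the network. It shows that the signing key is made of both secrets, so a party holding all four leaked values can sign requests as the user, while a party holding only the app's consumer key and secret (the 3,207-app case) cannot forge a user-context request.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote, unquote


def pct(value) -> str:
    """RFC 3986 percent-encoding as OAuth 1.0a requires: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(str(value), safe="")


def signature_base_string(method: str, url: str, params: dict) -> str:
    """METHOD&enc(url)&enc(sorted 'k=v' pairs): the exact bytes both sides HMAC."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    param_string = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(param_string)])


def sign(method: str, url: str, params: dict, consumer_secret: str, token_secret: str) -> str:
    """HMAC-SHA1 over the base string, keyed with BOTH secrets joined by '&'."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, signature_base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def build_auth_header(method, url, body_params, creds, nonce=None, timestamp=None) -> str:
    """What a client (or an attacker holding the leaked values) sends as the Authorization header."""
    oauth = {
        "oauth_consumer_key": creds["consumer_key"],
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_token": creds["access_token"],
        "oauth_version": "1.0",
    }
    oauth["oauth_signature"] = sign(method, url, {**oauth, **body_params},
                                    creds["consumer_secret"], creds["access_token_secret"])
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))


def verify_header(method, url, body_params, header, consumer_secret, token_secret) -> bool:
    """Server side: recompute the signature from the header fields and compare in constant time."""
    if not header.startswith("OAuth "):
        return False
    fields = {}
    for part in header[len("OAuth "):].split(", "):
        k, v = part.split("=", 1)
        fields[unquote(k)] = unquote(v.strip('"'))
    presented = fields.pop("oauth_signature", "")
    expected = sign(method, url, {**fields, **body_params}, consumer_secret, token_secret)
    return hmac.compare_digest(presented, expected)


# Constructed dummy credentials for the example (not real Twitter values).
LEAKED = {
    "consumer_key": "AbCdEfGhIjKlMnOpQrStUvWxY",
    "consumer_secret": "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMN",
    "access_token": "123456789-abcdefghijklmnopqrstuvwxyz01234567890123",
    "access_token_secret": "ZYXWVUTSRQPONMLKJIHGFEDCBA9876543210zyxwvutsr",
}
METHOD = "POST"
URL = "https://api.twitter.com/1.1/statuses/update.json"
BODY = {"status": "posted with someone else's leaked tokens"}


def demo() -> dict:
    """Sign once with the full set, then show what the server accepts and rejects."""
    header = build_auth_header(METHOD, URL, BODY, LEAKED, nonce="a" * 32, timestamp=1660000000)
    full_set = verify_header(METHOD, URL, BODY, header,
                             LEAKED["consumer_secret"], LEAKED["access_token_secret"])
    # Attacker holding only the app's consumer key/secret has to guess the token secret.
    app_only = dict(LEAKED, access_token_secret="")
    forged = build_auth_header(METHOD, URL, BODY, app_only, nonce="a" * 32, timestamp=1660000000)
    app_only_ok = verify_header(METHOD, URL, BODY, forged,
                                LEAKED["consumer_secret"], LEAKED["access_token_secret"])
    # Changing the body after signing also fails, because body params are in the base string.
    tampered = verify_header(METHOD, URL, {"status": "something else"}, header,
                             LEAKED["consumer_secret"], LEAKED["access_token_secret"])
    return {"full_set": full_set, "app_only": app_only_ok, "tampered_body": tampered}


if __name__ == "__main__":
    print(demo())
```

The nonce and timestamp are fixed in `demo()` only so the run is reproducible; a real client generates a fresh nonce per request, and a real server would additionally reject stale timestamps and reused nonces, which this offline verifier does not model.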

Because Twitter has become such a significant social media platform, CloudSEK researchers said attackers could use a pool of hijacked accounts to spread false information in a way that is not achievable on most other sites. The researchers were especially concerned that malware and scams could be folded into these campaigns, lending them an appearance of legitimacy to unwary users because they arrive from real, established accounts.

Mobile apps, web platforms and cloud interfaces are all exposed by poorly secured APIs. A modern mobile app often bundles more than 30 third-party APIs, any of which attackers may abuse to steal data, track users, deliver malware and mount targeted attacks.

The majority of cloud security incidents, however, stem from cloud customers misconfiguring APIs or leaning too heavily on unreliable third-party suppliers, not from security flaws on the cloud service provider's side. Protecting the digital safety and trust of today's users calls for greater vigilance, and companies should demand more transparency from app developers about the components in their software that expose employees to attack.

The leaked Twitter API keys are one of many similar cases reported in the past in which private API keys were unintentionally disclosed, whether in an open-source release of a program, in a publicly accessible resource, or, as here, inside mobile apps.

The main difference between this case and most earlier ones is who bears the risk. Usually, when developers expose an API key, the application or its vendor is the party most at risk; the classic example is AWS access keys committed to GitHub. Here the end users are exposed just as much as the app itself, because they authorized it to act on their personal Twitter accounts. That opens a long list of abuse and attack scenarios, and the rapid growth of API-driven and SaaS services only widens it.

Although Twitter's end users may be heavily affected by this incident, this kind of flaw is one of the simplest to guard against. When assessing a mobile app for security weaknesses it is essential to evaluate the device itself (including what is hard-coded in the app package), the network layer, and the back-end server.

Shipping API secrets in plain text inside the app is like wrapping your ATM card in a Post-it note with your PIN written on it: anyone who unpacks the APK can read them. Encrypting or obfuscating the secret in the binary only slows an attacker down, since the key needed to decrypt it ships in the same package; the robust fix is to keep the consumer secret and user tokens off the device altogether and route Twitter calls through a back end the app authenticates to. In this case the consequences are far more serious than a leaked vendor key, and may invite attackers to mount defamation or impersonation campaigns aimed at specific Twitter users.
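The device-side check the article calls for can be automated. The following is an added Python example, written for this page and not taken from CloudSEK or the article, that scans the resources and generated sources of an unpacked Android app for hard-coded Twitter credentials and classifies the result along the report's own split: app credentials only versus the full four-value set. The credential shapes it matches (25-character consumer key, 50-character consumer secret, `<user id>-<40 characters>` access token, 45-character access token secret) are an assumption based on the lengths Twitter issues, and the sample `strings.xml` and `BuildConfig.java` contents are constructed with dummy values.

```python
import re
from pathlib import Path

# Assumed shapes of Twitter OAuth 1.0a credentials. Each pattern also anchors on a
# nearby identifier name so that random alphanumeric runs (hashes, base64 blobs)
# are not reported on their own.
PATTERNS = {
    "consumer_key": re.compile(r"(?i)(?:consumer|api)[_\s]?key\W{0,20}([A-Za-z0-9]{25})\b"),
    "consumer_secret": re.compile(r"(?i)(?:consumer|api)[_\s]?secret\W{0,20}([A-Za-z0-9]{50})\b"),
    "access_token": re.compile(r"(?i)access[_\s]?token\W{0,20}([0-9]{5,20}-[A-Za-z0-9]{40})\b"),
    "access_token_secret": re.compile(r"(?i)(?:access[_\s]?)?token[_\s]?secret\W{0,20}([A-Za-z0-9]{45})\b"),
}
# File types where hard-coded keys typically land after apktool/jadx extraction.
INTERESTING = {".xml", ".java", ".kt", ".json", ".properties", ".js", ".smali"}


def scan_text(path: str, text: str) -> dict:
    """Return {credential_name: {"path": ..., "value": ...}} for every pattern found in one file."""
    found = {}
    for name, pattern in PATTERNS.items():
        m = pattern.search(text)
        if m:
            found[name] = {"path": path, "value": m.group(1)}
    return found


def scan_sources(files: dict) -> dict:
    """Merge findings across an in-memory {path: text} map; the first hit per credential wins."""
    found = {}
    for path, text in files.items():
        for name, hit in scan_text(path, text).items():
            found.setdefault(name, hit)
    return found


def scan_dir(root) -> dict:
    """Same scan over a decompiled app tree on disk."""
    files = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in INTERESTING:
            files[str(p)] = p.read_text(errors="ignore")
    return scan_sources(files)


def classify(found: dict) -> str:
    """App credentials alone let an attacker act as the app; the full set lets them act as the user."""
    present = set(found)
    has_app = {"consumer_key", "consumer_secret"} <= present
    has_user = {"access_token", "access_token_secret"} <= present
    if has_app and has_user:
        return "full-takeover"
    if has_app:
        return "app-credentials"
    if present:
        return "partial"
    return "clean"


# Constructed sample files with dummy values (not real credentials).
SAMPLE_STRINGS_XML = """<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="app_name">ExampleApp</string>
    <string name="twitter_consumer_key">AbCdEfGhIjKlMnOpQrStUvWxY</string>
    <string name="twitter_consumer_secret">0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMN</string>
    <string name="twitter_access_token">123456789-abcdefghijklmnopqrstuvwxyz01234567890123</string>
    <string name="twitter_access_token_secret">ZYXWVUTSRQPONMLKJIHGFEDCBA9876543210zyxwvutsr</string>
</resources>
"""

SAMPLE_BUILDCONFIG_JAVA = """package com.example.app;
public final class BuildConfig {
    public static final String TWITTER_API_KEY = "AbCdEfGhIjKlMnOpQrStUvWxY";
    public static final String TWITTER_API_SECRET = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMN";
}
"""

if __name__ == "__main__":
    for label, files in [
        ("res/values/strings.xml", {"res/values/strings.xml": SAMPLE_STRINGS_XML}),
        ("com/example/app/BuildConfig.java", {"com/example/app/BuildConfig.java": SAMPLE_BUILDCONFIG_JAVA}),
    ]:
        result = scan_sources(files)
        print(f"{label}: {classify(result)} -> {sorted(result)}")
```

Run `scan_dir("path/to/unpacked-apk")` against the output of `apktool d` or `jadx` to scan a real app; a "full-takeover" result means the access token and secret of a real account ship with the app and should be revoked immediately, not merely re-obfuscated.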

Published by
Techjuice Team
