- Each app has been downloaded between 50,000 and 5,000,000 times.
- CloudSEK detected 3,207 mobile apps exposing Twitter Consumer Keys and Secrets.
- A threat actor could build up an “army” of Twitter endpoints to spread a scam or malware.
Attackers could take over Twitter accounts and abuse them for a range of fraudulent purposes, after the API keys of thousands of mobile apps that integrate with Twitter were found to be leaking.
CloudSEK, a cybersecurity company, found that a total of 3,207 mobile apps were leaking valid Consumer Keys and Consumer Secrets for the Twitter API.
Many mobile apps integrate with Twitter so that they can perform certain actions on the user’s behalf. The integration goes through the Twitter API, and the app authenticates to it with a Consumer Key and Consumer Secret. When those credentials are shipped inside the app and extracted, threat actors can use them to read and post tweets, read and send direct messages, and perform other actions through the API. CloudSEK notes that, in theory, a threat actor could assemble an “army” of Twitter endpoints to spread a scam or malware campaign by tweeting, retweeting, sending direct messages, and so on.
The researchers said the affected apps include e-banking apps, city transportation apps, radio tuners, and similar software. Each of these apps has been downloaded between 50,000 and 5,000,000 times.
In other words, millions of Twitter accounts could be at risk.
All of the app owners were notified, but most did not even acknowledge the notification, let alone fix the problem. Ford Motors was reported to be one of the companies that quickly fixed the issue in its Ford Events app.
The list of affected apps will not be published until the remaining apps have fixed the problem.
The researchers said that most API key leaks are caused by mistakes during app development. Developers embed Twitter API credentials in the app while building and testing it, and then forget to remove them before the app is released.
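As an added example (not CloudSEK’s scanner and not code from any of the apps the report covers), the Python below scans the kind of files you get after decoding a mobile app for a Twitter Consumer Key and Consumer Secret that were left in. The identifier names, the 25-character key and 50-character secret value shapes (taken from common secret-scanning rule sets), the placeholder filter and the sample files are all assumptions constructed for this example. It also covers the failure mode the researchers describe: a dummy value a developer left in place is skipped, while a live-looking secret in a file such as BuildConfig.java is still reported even when the matching key sits in a different file.

```python
"""Scan decoded mobile-app sources for embedded Twitter Consumer Keys/Secrets.

Added example for this article; it is not CloudSEK's tooling or any app's code.
Assumptions (all constructed): the identifier names, the credential lengths
(25-char key, 50-char secret, as used by common secret-scanning rule sets),
the MIN_DISTINCT_CHARS placeholder filter and the sample files below.
"""
import re
from typing import Dict, List

# Identifier names developers typically give the two Twitter credentials
# (assumption: illustrative, not exhaustive).
NAME_PATTERNS = {
    "consumer_key": re.compile(r"(?i)(twitter[_.\-]?(api|consumer)|consumer)[_.\-]?key"),
    "consumer_secret": re.compile(r"(?i)(twitter[_.\-]?(api|consumer)|consumer)[_.\-]?secret"),
}
# Expected value shape per credential (assumption: 25 / 50 alphanumerics).
VALUE_SHAPES = {
    "consumer_key": re.compile(r"[A-Za-z0-9]{25}"),
    "consumer_secret": re.compile(r"[A-Za-z0-9]{50}"),
}
MIN_DISTINCT_CHARS = 8  # assumption: rejects placeholders such as "xxxx..."

# Candidate values: quoted or XML-tagged literals, or a bare `name=value` line.
QUOTED_OR_TAGGED = re.compile(r"""["'>]([A-Za-z0-9]{20,60})(?=["'<])""")
BARE_ASSIGNMENT = re.compile(r"[=:]\s*([A-Za-z0-9]{20,60})\s*;?\s*$")


def find_twitter_credentials(files: Dict[str, str]) -> List[dict]:
    """Return one finding per line whose name and value both look like a credential."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for kind, name_re in NAME_PATTERNS.items():
                if not name_re.search(line):
                    continue
                candidates = QUOTED_OR_TAGGED.findall(line) + BARE_ASSIGNMENT.findall(line)
                for value in candidates:
                    if not VALUE_SHAPES[kind].fullmatch(value):
                        continue
                    if len(set(value)) < MIN_DISTINCT_CHARS:
                        continue  # dummy value left in place, not a live credential
                    findings.append({
                        "file": path,
                        "line": lineno,
                        "kind": kind,
                        # never log the full secret; keep enough to identify it
                        "preview": value[:4] + "..." + value[-2:],
                    })
    return findings


def leaks_full_credential(findings: List[dict]) -> bool:
    """True when both halves are present anywhere in the app: a usable app credential."""
    kinds = {f["kind"] for f in findings}
    return {"consumer_key", "consumer_secret"} <= kinds


# Constructed sample of what a decoded APK might contain (not from any real app).
PLACEHOLDER_KEY = "x" * 25  # a dummy value a developer left in place
SAMPLE_FILES = {
    "res/values/strings.xml": "\n".join([
        "<resources>",
        '    <string name="app_name">CityTransit</string>',
        '    <string name="twitter_consumer_key">Kq7mP2xYzR9vB4nT1wL8cJ6dH</string>',
        '    <string name="twitter_consumer_secret">'
        "aB3dE5fG7hI9jK1lM3nO5pQ7rS9tU1vW3xY5zA7bC9dE1fG3hI</string>",
        "</resources>",
    ]),
    "com/example/radio/BuildConfig.java": "\n".join([
        "public final class BuildConfig {",
        "    // left over from development, never removed before release",
        f'    public static final String TWITTER_CONSUMER_KEY = "{PLACEHOLDER_KEY}";',
        '    public static final String TWITTER_CONSUMER_SECRET = '
        '"Zy9Xw8Vu7Ts6Rq5Po4Nm3Lk2Ji1Hg0FeDcBa9876543210AbCd";',
        "}",
    ]),
    "assets/config.properties": "\n".join([
        "twitter.consumer.key=Kq7mP2xYzR9vB4nT1wL8cJ6dH",
        "analytics.endpoint=https://example.invalid/collect",
    ]),
}

if __name__ == "__main__":
    found = find_twitter_credentials(SAMPLE_FILES)
    for f in found:
        print(f"{f['file']}:{f['line']} {f['kind']} {f['preview']}")
    print("complete credential leaked:", leaks_full_credential(found))
```

To run it against a real build, decode the package first (for Android, `apktool d app.apk`; for iOS, unzip the IPA) and read the resulting files into the dictionary in place of SAMPLE_FILES. The previews are truncated on purpose so that the scan report does not itself become a second copy of the secret.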
CloudSEK suggests that developers rotate their API keys, so that an exposed key stops working after a set period and the damage from this kind of leak is limited; rotation only helps if the superseded keys are actually revoked.