Some applications reveal Twitter API keys, increasing the risk that the information of millions of Twitter accounts will be hacked and used for identity theft.
According to the findings of cybersecurity experts at CloudSEK, a total of 3,207 smartphone apps expose Consumer Keys and Consumer Secrets for the Twitter API.
The risk of hacking the information of millions of Twitter accounts
Various smartphone apps integrate with Twitter, and with the user’s consent to the integration, those apps are allowed to take certain actions on behalf of users. Integration is done through the Twitter API with the help of Consumer Keys and Secrets. By exposing this type of data, these apps allow threat actors to take actions such as directly sending and reading messages, tweeting, and the like.
The apps in question include e-banking apps, public transport apps, radio tuners and the like, each downloaded between 50,000 and 5 million times, the researchers said. In other words, millions of Twitter accounts are likely at risk.
All the developers of these apps have been notified of the issue. However, most of them have not acknowledged the notification, and as a result no action has been taken to solve the problem. Ford Motors is one of the companies that quickly fixed the problem, in its Ford Events app.
The list of affected apps will not be made public until the other apps fix this issue. Researchers also say that API leaks are usually the result of errors in app development. Sometimes, developers embed their Twitter API authentication keys in the app and forget to remove them later.
CloudSEK recommends developers use API key rotation to prevent data leakage. Key rotation invalidates exposed keys after a while.
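A pre-release check for the embedded keys described above, as an added example that is not from CloudSEK or the original article: it scans an app's own resource and source text for entries that look like hardcoded Twitter consumer keys or secrets. The entry-name patterns, the "looks like a key" heuristic and the sample input are assumptions made for illustration.

```python
import re

# Entry names that suggest a Twitter API credential (assumed naming; adapt to your code base).
NAME = r"[\w.]*(?:consumer|twitter|api)[\w.]*(?:key|secret)[\w.]*"
PATTERNS = [
    # Android resource file: <string name="twitter_consumer_key">value</string>
    re.compile(rf'<string\s+name="(?P<name>{NAME})"\s*>(?P<value>[^<]+)</string>', re.I),
    # Source or properties file: TWITTER_CONSUMER_SECRET = "value"
    re.compile(rf'(?P<name>{NAME})\s*[:=]\s*["\']?(?P<value>[\w-]{{16,}})', re.I),
]

def looks_like_secret(value):
    """Heuristic (assumption): a literal key is long and mixes lower, upper and digits."""
    if value.startswith(("@string/", "${")):
        return False  # reference resolved at build time, not a literal
    classes = (str.islower, str.isupper, str.isdigit)
    return len(value) >= 16 and all(any(f(c) for c in value) for f in classes)

def scan(text):
    """Return (line_no, name, redacted_value) for each suspected hardcoded credential."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for pattern in PATTERNS:
            m = pattern.search(line)
            value = m["value"].strip() if m else ""
            if looks_like_secret(value):
                # Redact so the report itself does not leak the key.
                findings.append((line_no, m["name"], value[:4] + "*" * (len(value) - 4)))
                break
    return findings

# Constructed sample input; every key value below is made up for this example.
SAMPLE = """\
<resources>
  <string name="app_name">Demo</string>
  <string name="twitter_consumer_key">xK3pQ9vLm2Zr8TbN5cWy7HdJf</string>
  <string name="twitter_consumer_secret">@string/injected_at_build</string>
</resources>
TWITTER_CONSUMER_SECRET = "a8Fq2LzX9mB4vT7cR1nY6wK3pJ5dH0sGuE8oI2yU4tQ7rW9eZx"
TWITTER_CONSUMER_KEY = "REPLACE_ME_WITH_YOUR_KEY"
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print("line %d: %s = %s" % finding)
```

A key flagged in a build that has already shipped should be treated as exposed and rotated, not just deleted from the next release.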