Twitter It has security issues due to a severe loss of API keys

Share This Post

When a developer wants to integrate his app with Twitter, he receives special authentication keys or tokens. This paves the way for the app to interact with Twitter API. Then, any time a user connects his Twitter account to the developer’s app, the keys also will enable the app to act on behalf of the user. According to CloudSEK, the app developers made a huge mistake by embedding their authentication keys in the Twitter API. They also forgot to remove them once the app was released.

Bleeping Computer reports that 3,207 mobile apps are currently publishing Twitter API credentials. These keys might provide hackers access to user accounts. These days, Twitter is in the news because of its ongoing dispute with Elon Musk regarding the purchase of the firm. But in the midst of its legal battles, the social media network is exposed to a serious security risk. A genuine Consumer Key and Consumer Secret for the Twitter API are exposed by 3,207 apps, the cybersecurity firm CloudSEK claims in the research.

Highlights

  • Bleeping Computer says it has the full list of impacted applications that have between 50,000 and 5,000,000 downloads. Also, the apps range from transportation companions and radio tuners to book readers, event loggers, newspapers, e-banking apps, cycling GPS apps, and more.

  • CloudSEK says account hijackers can do almost everything with the account, including reading direct messages, liking and retweeting tweets, creating or deleting tweets, removing or adding new followers, changing account settings, or changing the pictures on the account. The cybersecurity firm also warns that account hijackers can create an army of verified Twitter accounts to promote fake news, malware campaigns, cryptocurrency scams, etc.

Most of the impacted applications claim they haven’t received the CloudSEK notices. Also, most of them still haven’t addressed the issues. The source did not disclose the names of the apps. However, it says Ford Motors was the only company that quickly responded and solved the issues on the “Ford Events” app.

spot_img

Related Posts

The Center has banned VLC Media Player; is it a hacking ploy?

No formal justification for the restriction on VLC Media...

Spotify and Samsung are ramping up collaboration and adding new features

In a press release, Spotify revealed that premium his...

What Samsung products can I update to Android 12

Further reading: Android 12 Is Installed Only On 13%...

After a data breach, HPE says Aruba customer data was exposed

HPE acquired Aruba Networks in 2015 for $3 billion...

YouTube is testing a new navigation drawer for Android users

As explained above, the new functionality will open a...