Over 3200 Apps Leak Twitter API Keys, Many Allowing for Full-Account Hijacks – The Mac Observer

Cybersecurity researchers have uncovered a set of 3,207 mobiles apps that expose Twitter API keys to the public. This can potentially enable a threat actor to overtake a users’ Twitter accounts that may have association with the app.

According to BleepingComputer, Cybersecurity firm CloudSEK is responsible for the discovery. After implementing BeVigil, a security search engine for mobile apps, the firm also scrutinized large app sets for data leaks and discovered 3,207 apps leaking a valid Consumer Key and Consumers Secret for the Twitter API.

Of the 3,207 apps, 230 of them were leaking all four Auth Cred to fully take over a Twitter account.

Cybersecurity Firm Finds Developers Leak Twitter API Keys

Essentially, when developers integrate mobile apps with Twitter, they receive authentication keys, or tokens, allowing mobile apps to interact with Twitter API. When a user links their Twitter account with the mobile app, the keys also enable the app to act on behalf of the user. Thus,…

Read Full Story: https://www.macobserver.com/news/over-3200-apps-leak-twitter-api-keys-many-allowing-for-full-account-hijacks/

The post Over 3200 Apps Leak Twitter API Keys, Many Allowing for Full-Account Hijacks – The Mac Observer first appeared on SEO, Marketing and Social News | OneSEOCompany.com.

source: https://news.oneseocompany.com/2022/08/02/over-3200-apps-leak-twitter-api-keys-many-allowing-for-full-account-hijacks-the-mac-observer_2022080225739.html

Your content is great. However, if any of the content contained herein violates any rights of yours, including those of copyright, please contact us immediately by e-mail at media[@]kissrpr.com.