3,207 mobile applications are currently exposing Twitter API keys, according to Bleeping Computer. These keys might give hackers access to user accounts.
These days, Twitter is in the news because of its ongoing dispute with Elon Musk regarding the purchase of the firm. But in the midst of its legal battles, the social media network is exposed to a serious security risk. The cybersecurity company CloudSEK has discovered that 3,207 apps reveal a legitimate Consumer Key and Consumer Secret for the Twitter API.
A developer receives unique authentication keys, or tokens, when connecting a project to Twitter. These make it possible for the app to communicate with the Twitter API. When a user links a Twitter account to the developer’s app, the keys allow the app to act on the user’s behalf.
The Twitter API keys are leaking because of a developer error. In CloudSEK’s opinion, the apps’ creators made a serious error by embedding their Twitter API authentication keys in the app itself. Additionally, they neglected to take them out after the app’s launch.
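A pre-release check for the mistake described above, added here as an illustration and not taken from CloudSEK or Bleeping Computer: it scans unpacked build files for literals that look like real API credentials and ignores placeholders. The file paths, identifier names, key shape and sample values are assumptions constructed for the example.

```python
import math
import re
from collections import Counter

# Assumed naming conventions for Twitter credentials; adjust to your code base.
NAME = r"[\w.]*(?:consumer|twitter|api)[\w.]*(?:key|secret)[\w.]*"
PATTERNS = [
    # XML resource entry: <string name="...">value</string>
    re.compile(rf'name="(?P<name>{NAME})"[^>]*>(?P<value>[^<]+)<', re.I),
    # Source or properties assignment: NAME = "value" or NAME: value
    re.compile(rf'(?P<name>{NAME})\s*[:=]\s*["\']?(?P<value>[A-Za-z0-9]+)', re.I),
]
# Assumption: real keys are long alphanumeric strings; placeholders are not.
KEY_SHAPE = re.compile(r"[A-Za-z0-9]{20,}")


def shannon_entropy(value):
    """Bits per character; repeated-character placeholders score 0."""
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def find_embedded_keys(files, min_entropy=3.0):
    """Return (path, line number, name) for each literal that looks like a real key."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for pattern in PATTERNS:
                match = pattern.search(line)
                if match is None:
                    continue
                value = match.group("value").strip()
                if KEY_SHAPE.fullmatch(value) and shannon_entropy(value) >= min_entropy:
                    findings.append((path, lineno, match.group("name")))
                break  # one verdict per line, so a line is never reported twice
    return findings


# Constructed sample of unpacked build output; every value below is made up.
SAMPLE_BUILD = {
    "res/values/strings.xml":
        '<string name="twitter_consumer_key">q7Zx2LmB9tRk4VwYp8Nc3HdJf</string>\n'
        '<string name="twitter_consumer_secret">REPLACE_AT_BUILD_TIME</string>\n',
    "src/TwitterClient.java":
        'static final String CONSUMER_SECRET = "Hn4kP0sWv7Qe2RtY9uIo1LzXc5Vb8Nm3Aa6Dd0Ff2Gg4Jj6Kk";\n'
        'static final String API_KEY = "XXXXXXXXXXXXXXXXXXXXXXXXX";\n',
}
```

Run as a release gate, a non-empty result should fail the build; a key that has already shipped should also be regenerated, since removing it from a later version does not withdraw the published copy.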
According to CloudSEK, account hijackers have access to practically all of the account’s features, including reading direct messages, liking and retweeting tweets, posting or deleting tweets, removing or adding followers, modifying account settings, and altering the account’s images.
The cybersecurity company also issues a warning that hackers who hijack accounts may amass a massive number of verified Twitter accounts in order to spread malicious campaigns, fake news, cryptocurrency scams, etc.
According to Bleeping Computer, it has the whole list of impacted apps with 50,000–5,000,000 downloads. Additionally, the apps include radio tuners, book readers, newspapers, event logs, e-banking apps, bicycle GPS apps, and more.
The majority of the affected applications assert that they weren’t sent the CloudSEK alerts. Furthermore, the majority of them still haven’t fixed the problems. The source kept the names of the apps secret. However, it claims that Ford Motors was the only business that responded right away and fixed the problems with the Ford Events app.