
Security flaw might affect millions of Twitter accounts

The API keys for thousands of Twitter apps have been found to be leaking, which makes it possible for attackers to seize total control of Twitter accounts and exploit them for a variety of fraudulent purposes.

3,207 mobile applications were found to be leaking legitimate Consumer Keys and Consumer Secrets for the Twitter API, according to cybersecurity firm CloudSEK.

Many mobile applications can connect to Twitter, which lets them perform certain actions on the user’s behalf. The integration is done through the Twitter API using Consumer Keys and Secrets. If an application leaks these credentials, threat actors could write and read tweets, send and read direct messages, and perform other actions.

According to CloudSEK, a threat actor could theoretically amass an “army” of Twitter endpoints that would tweet, retweet, send direct messages, etc. to launch a scam or malware campaign.

According to the experts, the applications in question include radio tuners, e-banking, city transit, and other comparable apps. These programmes have each been downloaded anywhere from 50,000 to 5,000,000 times.

So, millions of Twitter accounts might potentially be in jeopardy.

All of the application owners were informed, but the majority of them didn’t even acknowledge receiving the information, much less take any action to correct the issue. According to reports, Ford Motors was one of the businesses that swiftly addressed the issue with its Ford Events app.

Until additional applications solve the issue, the list of apps won’t be made public.

According to the experts, errors in app development are to blame for the majority of API leaks. Sometimes, developers add Twitter API authentication keys to their apps and forget to remove them later.

To prevent these sorts of breaches, CloudSEK advises developers to employ API key rotation, which would eventually render exposed keys unusable.
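The development error described above, keys left in an app's source or resources, can be caught before release. The following pre-release check is an added example, not code from CloudSEK or from the article; the identifier naming, the 20-character threshold and the sample files are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

class Finding(NamedTuple):
    path: str
    line: int
    name: str  # identifier only; the secret value is never echoed

# Identifier naming is an assumption; adapt it to your code base.
NAME = r'(?P<name>[\w.]*(?:consumer|twitter)[\w.]*(?:key|secret)[\w.]*)'
# 20+ alphanumerics: an assumed floor to skip placeholders, not a documented format.
VALUE = r'[A-Za-z0-9]{20,}'
PATTERNS = [
    # Android resource: <string name="...consumer_key">VALUE</string>
    re.compile(r'<string\s+name="' + NAME + r'"\s*>\s*' + VALUE + r'\s*</string>', re.I),
    # Java/Kotlin/properties assignment: NAME = "VALUE";  or  NAME=VALUE
    re.compile(NAME + r'\s*[:=]\s*"?' + VALUE + r'"?\s*;?\s*$', re.I),
]

def scan(files):
    """Return a Finding for every line that embeds a literal credential."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for pattern in PATTERNS:
                match = pattern.search(line)
                if match:
                    findings.append(Finding(path, lineno, match.group("name")))
                    break
    return findings

# Constructed sample tree; the values are made up and are not real credentials.
SAMPLE = {
    "res/values/strings.xml": """\
<resources>
  <string name="app_name">Radio</string>
  <string name="twitter_consumer_key">CONSTRUCTEDsampleKEY00001</string>
  <string name="twitter_consumer_secret">@string/injected_at_build</string>
</resources>
""",
    "TwitterConfig.java": """\
class TwitterConfig {
  static final String CONSUMER_SECRET = "CONSTRUCTEDsampleSECRET0000000000000000000000002";
  static final String CONSUMER_KEY = BuildConfig.TWITTER_CONSUMER_KEY;
}
""",
}

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"{f.path}:{f.line}: hardcoded value for {f.name}")
    raise SystemExit(1 if scan(SAMPLE) else 0)
```

Lines that reference a build-time or environment value pass the check; only literal values are reported, and a non-zero exit status lets a build pipeline stop the release.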

Conclusion

A security flaw might affect millions of Twitter accounts. 3,207 mobile applications were found to be leaking legitimate Consumer Keys and Consumer Secrets for the Twitter API. A threat actor could theoretically amass an “army” of Twitter endpoints that would tweet, retweet, send direct messages, etc.
