🚀 CloudSEK has raised $19M Series B1 Round – Powering the Future of Predictive Cybersecurity
Read more
Back
This is some text inside of a div block.
Adversary Intelligence
Hardcoded Algolia API Keys Could be Exploited by Threat Actors to Steal Millions of Users’ Data
21 Nov 22
This is some text inside of a div block.
min
Thank You!
Your whitepaper is now downloading...
Oops! Something went wrong while submitting the form.
Algolia's API is used by companies to incorporate search, discovery, and recommendations into their voice, mobile, and website applications. It is currently used by over 11,000 companies, including Lacoste, Stripe, Slack, Medium, and Zendesk to manage ~1.5 trillion search queries a year.
However, CloudSEK's BeVigil, the first security search engine for mobile apps in the world has identified 1550 apps that leaked Algolia API Keys. Out of which, 32 apps, with millions of downloads, have hardcoded keys that can be exploited by threat actors to steal the data of millions of users.
Media Mentions
- SecurityWeek: Leaked Algolia API Keys Exposed Data of Millions of Users
- Infosecurity Magazine: Thousands of Algolia API Keys Could Expose Users' Data
- SCMagazine: Thousands of users’ data at risk due to widespread Algolia API key leak
- InformationSecurity Buzz: What Expert Says On Algolia API Keys Leaked
No items found.
Thank You!
Your whitepaper is now downloading...
Oops! Something went wrong while submitting the form.