August 1, 2022

How Leaked Twitter API Keys Can be Used to Build a Bot Army

CloudSEK’s Attack Surface Monitoring Platform uncovered 3207 apps leaking Twitter API keys that can be used to gain access to or take over Twitter accounts.

The CloudSEK Attack Surface Monitoring Platform discovered that 3207 apps were leaking a valid Consumer Key and Consumer Secret. 230 apps, some of which are unicorns, were leaking all 4 authentication credentials, which can be used to fully take over their Twitter accounts and perform critical or sensitive actions such as:

  • Read Direct Messages
  • Retweet
  • Like
  • Delete
  • Remove followers
  • Follow any account
  • Get account settings
  • Change display picture

Media Mentions

This report was mentioned in some of the leading media houses.
