CloudSEK’s Attack Surface Monitoring Platform uncovered 3207 apps leaking Twitter API keys that can be used to gain access to, or take over, Twitter accounts.
- CloudSEK Attack Surface Monitoring Platform discovered that 3207 apps were leaking a valid Consumer Key and Consumer Secret.
- 230 apps, some of which are unicorns, were leaking all 4 auth credentials, which can be used to fully take over their Twitter accounts and perform critical/sensitive actions such as:
  - Read Direct Messages
  - Retweet
  - Like
  - Delete
  - Remove followers
  - Follow any account
  - Get account settings
  - Change display picture
Download the Report
How-Leaked-Twitter-API-Keys-Can-be-Used-to-Build-a-Bot-Army.pdf
Media Mentions
This report was mentioned by several leading media outlets.
- Over 3,200 apps leak Twitter API keys, some allowing account hijacks | BleepingComputer
- Researchers Find 3200 Apps Exposing Twitter API Keys | Security Boulevard
- Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys | The Hacker News
- Twitter account takeovers possible as thousands of apps | SC Magazine