CloudSEK's Attack Surface Monitoring Platform uncovered 3207 apps leaking Twitter API keys that can be used to gain access to, or fully take over, Twitter accounts.
- CloudSEK's Attack Surface Monitoring Platform discovered that 3207 apps were leaking valid Consumer Keys and Consumer Secrets.
- 230 apps, some of which belong to unicorn companies, were leaking all four authentication credentials. These can be used to fully take over the associated Twitter accounts and perform critical or sensitive actions such as:
  - Read direct messages
  - Remove followers
  - Follow any account
  - Get account settings
  - Change the display picture
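The distinction above between apps that leak only the Consumer Key and Consumer Secret and those that leak all four credentials (for Twitter's OAuth 1.0a flow these are Consumer Key, Consumer Secret, Access Token and Access Token Secret) is exactly what a pre-release secret scan should report. The following Python script is an added example, not CloudSEK's tooling or any code from the report: it scans an Android `strings.xml` resource file or a `key=value` properties file for hardcoded Twitter OAuth credentials and grades the exposure. The resource names, the placeholder patterns, the entropy threshold and the sample files are all assumptions constructed for the example; the credential values are made up.

```python
import re
from collections import Counter
from math import log2

# Constructed sample: a decompiled Android strings.xml with Twitter OAuth 1.0a
# credentials hardcoded. All values are made up for this example.
SAMPLE_STRINGS_XML = """<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="app_name">ExampleApp</string>
    <string name="twitter_consumer_key">k7Gx2QpLm9ZvRt4WbN8cYdHsE</string>
    <string name="twitter_consumer_secret">Qw3Er5Ty7Ui9Op1As2Df4Gh6Jk8Lz0XcVbNm3Qw5Er7Ty9Ui1O</string>
    <string name="twitter_access_token">1234567890-Zx9Cv8Bn7Mq6Wl5Kj4Hg3Fd2Sa1Po0IuYtReWq</string>
    <string name="twitter_access_token_secret">Lk9Jh8Gf7Ds6Aa5Po4Iu3Yt2Re1Wq0MnBvCxZaSdFgHjKlQ</string>
    <string name="welcome_message">Welcome back!</string>
</resources>
"""

# Constructed sample: a gradle.properties fragment where only the app-level
# credentials are hardcoded and the user token is injected at build time.
SAMPLE_GRADLE_PROPS = """# constructed gradle.properties fragment
twitterConsumerKey=k7Gx2QpLm9ZvRt4WbN8cYdHsE
twitterConsumerSecret=Qw3Er5Ty7Ui9Op1As2Df4Gh6Jk8Lz0XcVbNm3Qw5Er7Ty9Ui1O
twitterAccessToken=${TWITTER_ACCESS_TOKEN}
"""

# Heuristic name patterns (assumption): OAuth 1.0a terminology as it tends to
# appear in resource names. Order matters: "access_token_secret" must be
# tested before the broader "access_token".
CRED_HINTS = [
    ("consumer_key", re.compile(r"consumer[_\-]?key", re.I)),
    ("consumer_secret", re.compile(r"consumer[_\-]?secret", re.I)),
    ("access_token_secret", re.compile(r"access[_\-]?token[_\-]?secret", re.I)),
    ("access_token", re.compile(r"access[_\-]?token", re.I)),
]

# Values that are build-time references or obvious stand-ins, not real secrets.
PLACEHOLDER_RE = re.compile(r"^(\$\{|\$\(|@string/)|REPLACE|YOUR_|CHANGE|PLACEHOLDER|TODO", re.I)

# Android string resources and generic key=value / key: value lines.
STRING_RE = re.compile(r'<string\s+name="([^"]+)"\s*>([^<]*)</string>')
KV_RE = re.compile(r'^\s*([A-Za-z0-9_.\-]+)\s*[=:]\s*["\']?([^"\'\s#]+)', re.M)


def shannon_entropy(s: str) -> float:
    """Bits per character; real tokens score high, words and placeholders low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * log2(c / n) for c in Counter(s).values())


def classify(name: str):
    """Map a resource/property name to a credential kind, or None."""
    for kind, rx in CRED_HINTS:
        if rx.search(name):
            return kind
    return None


def find_hardcoded_twitter_creds(text: str, min_len: int = 20, min_entropy: float = 3.0) -> dict:
    """Return {credential_kind: {"name": ..., "preview": ...}} for likely real secrets."""
    findings = {}
    for name, value in STRING_RE.findall(text) + KV_RE.findall(text):
        kind = classify(name)
        value = value.strip()
        if kind is None or PLACEHOLDER_RE.search(value):
            continue
        if len(value) < min_len or shannon_entropy(value) < min_entropy:
            continue
        # Never log the full secret; keep only a masked preview for triage.
        findings[kind] = {"name": name, "preview": value[:4] + "..." + value[-2:]}
    return findings


def assess(findings: dict) -> str:
    """Grade exposure the way the report's findings are split."""
    kinds = set(findings)
    if {"consumer_key", "consumer_secret", "access_token", "access_token_secret"} <= kinds:
        return "FULL_TAKEOVER_RISK"   # all four creds: account can be driven directly
    if {"consumer_key", "consumer_secret"} <= kinds:
        return "APP_CREDS_LEAKED"     # app identity leaked; user tokens not present
    if kinds:
        return "PARTIAL"
    return "CLEAN"


if __name__ == "__main__":
    for label, sample in (("strings.xml", SAMPLE_STRINGS_XML), ("gradle.properties", SAMPLE_GRADLE_PROPS)):
        found = find_hardcoded_twitter_creds(sample)
        print(f"{label}: {assess(found)} {sorted(found)}")
```

Run it against the decompiled resources or build configuration of a release candidate; anything other than `CLEAN` means the secret must be rotated and moved out of the client (held server-side or fetched at runtime), since anything shipped in the app package is recoverable by anyone who downloads it.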
How Leaked Twitter API Keys Can be Used to Build a Bot Army
This report was covered by several leading media outlets.
- Over 3,200 apps leak Twitter API keys, some allowing account hijacks | BleepingComputer
- Researchers Find 3200 Apps Exposing Twitter API Keys | Security Boulevard
- Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys | The Hacker News
- Twitter account takeovers possible as thousands of apps | SC Magazine