Twitter security flaws might put millions of accounts at risk.
An attacker can steal Twitter API keys to commit cyber fraud by gaining full control of an individual’s account.
Cloud SEK identified 3,200 mobile apps exposing Twitter Consumer Secrets.
Twitter integration allows mobile apps to act in certain scenarios.
Integration uses the Twitter API and Consumer Keys and Secrets.
Apps that leak this kind of information give threat actors to do things like tweet or send and read messages.
Between 50,000 and five million downloads each and include e-banking, public transit, and radio tuners.
The majority of the apps’ owners have yet to acknowledge the notification or take any action to rectify the problem.
Likewise Ford was one of the companies who quickly rectified the problem on its Ford Events app.
The list of affected apps won’t be made public until the other apps are updated to solve the problem.
According to the study’s findings, API leaks are as a result of mistakes made during the creation of a program.
In the Twitter API, developers may incorporate authentication keys by mistake and fail to delete them later.
Leave a Reply