
Bot army risk as 3,000+ apps found spilling Twitter API keys
2022-08-02 14:45

Want to build your own army? Engineers at CloudSEK have published a report on how to do just that in terms of bots and Twitter, thanks to API keys leaking from applications.

Researchers at the company say they've uncovered 3,207 apps leaking Twitter API keys, which can be used to gain access to or even entirely take over Twitter accounts.

Twitter helpfully exposes an API to allow developers access to the microblogging platform.

The issue is the authentication keys given to developers for API access and how those keys are stored.

Miscreants could simply download the app, decompile it and get hold of the API keys.

Of the 3,207 leaky apps, 57 had premium or enterprise subscriptions to the Twitter API and some of the leaked credentials belonged to verified Twitter accounts.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/08/02/cloudsek_twitter_api/

Related vendor

Last 12 months:

VENDOR  | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
Twitter | 5          | 0   | 6      | 2    | 0        | 8