CloudSEK’s Attack Surface Monitoring Platform recently found a list of 3,207 mobile apps that are exposing Twitter API keys in the clear, some of the keys are being utilized to gain illegal commands on Twitter handles associated with them.
CloudSEK reported that the takeover is made possible because of the leak of legitimate Consumer Key and Consumer Secret information Singapore-based cybersecurity firm.
Additionally, cloudsek Attack Surface Monitoring Platform discovered that 3207 apps were leaking valid Consumer Key and Consumer Secret. 230 apps, some of which are unicorns, were leaking all 4 Auth Creds and can be used to fully take over their Twitter Accounts to perform critical/sensitive actions such as:
• Read Direct Messages
• Retweet
• Like
• Delete
• Remove followers
• Follow any account
• Get account settings
• Change display picture
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: