🚀 CloudSEK has raised $19M Series B1 Round – Powering the Future of Predictive Cybersecurity
Read more
Back
This is some text inside of a div block.
Adversary Intelligence
How Leaked Twitter API Keys Can be Used to Build a Bot Army
01 Aug 22
This is some text inside of a div block.
min
Thank You!
Your whitepaper is now downloading...
Oops! Something went wrong while submitting the form.
CloudSEK’s Attack Surface Monitoring Platform, uncovered 3207 apps, leaking Twitter API keys, that can be utilized to gain access to or to take over Twitter accounts.
CloudSEK Attack Surface Monitoring Platform discovered that 3207 apps were leaking valid Consumer Key and Consumer Secret. 230 apps, some of which are unicorns, were leaking all 4 Auth Creds and can be used to fully take over their Twitter Accounts to perform critical/sensitive actions such as:
- Read Direct Messages
- Retweet
- Like
- Delete
- Remove followers
- Follow any account
- Get account settings
- Change display picture
Media Mentions
This report was mentioned in some of the leading media houses.
- Over 3,200 apps leak Twitter API keys, some allowing account hijacks | Bleeping Computers
- Researchers Find 3200 Apps Exposing Twitter API Keys| Security Boulevard
- Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys| The Hacker News
- Twitter account takeovers possible as thousands of apps| SC Magazine
No items found.
Thank You!
Your whitepaper is now downloading...
Oops! Something went wrong while submitting the form.