Hardcoded Algolia API Keys Could be Exploited by Threat Actors to Steal Millions of Users’ Data

Hardcoded Algolia API Keys Could be Exploited by Threat Actors to Steal Millions of Users’ Data

Algolia's API is used by companies to incorporate search, discovery, and recommendations into their voice, mobile, and website applications. It is currently used by over 11,000 companies, including Lacoste, Stripe, Slack, Medium, and Zendesk to manage ~1.5 trillion search queries a year.

Algolia’s API is used by companies to incorporate search, discovery, and recommendations into their voice, mobile, and website applications. It is currently used by over 11,000 companies, including Lacoste, Stripe, Slack, Medium, and Zendesk to manage ~1.5 trillion search queries a year.

However, CloudSEK’s BeVigil, the first security search engine for mobile apps in the world has identified 1550 apps that leaked Algolia API Keys. Out of which, 32 apps, with millions of downloads, have hardcoded keys that can be exploited by threat actors to steal the data of millions of users.

Click here to Download

Hardcoded-Algolia-API-Keys-Could-be-Exploited-by-Threat-Actors-to-Steal-Millions-of-Users-Data.pdf

 

Media Mentions

Connect with
CloudSEK's Product Expert

Schedule time with CloudSEK Product Expert and let them explain how our products and solutions can help improve your security posture.