Twitter APIs Stolen: Millions of Twitter Accounts in Danger

CloudSEK has detected that more than 3,200 apps have leaked Twitter API keys. CloudSEK researchers said the leaked API keys could be used to create an “army of bots” on Twitter to spread fake news or malware through compromised accounts.

Security researchers have uncovered more than 3,200 apps that leaked Twitter API keys that could be used to access or hijack accounts. Cybersecurity firm CloudSEK said these apps were found to leak a valid consumer key and consumer secret. Of these, 230 apps leaked all four authentication credentials, which could be used to completely take over a user’s Twitter account.

A report by the company said that some of these apps are linked to unicorn companies. A threat actor who gains access to a Twitter account in this way can perform actions such as reading direct messages, deleting tweets, accessing account settings, following other accounts, deleting followers, and changing the account profile picture.

What Can Be Done with Leaked API Keys?

An API, or application programming interface, is often used to extend an application’s data and functionality to other developers. CloudSEK said that by offering its API, Twitter allows developers to create their own ways to embed Twitter’s data and functionality into their apps.

CloudSEK also said that malicious actors with access to Twitter API keys could use them to hijack accounts and create an “army of bots.” This army could include verified accounts with a large number of followers that could be used to spread fake news, spearhead malware attacks, spread massive amounts of spam, or run phishing operations.

For now, it is difficult to say how Twitter will follow up on this issue, but it is obvious that it will take steps on the matter in the coming days.