Thousands of Mobile Apps Leaking Twitter API Keys
New finding comes amid report of overall surge in threats targeting mobile and IoT devices over the past year.
API security focuses on protecting application interfaces from unauthorized access, data exposure, abuse, and flaws in authentication or design.
Search across headline titles and summaries.
Background for this topic.
Application Programming Interfaces (APIs) are sets of rules that allow software applications to communicate and exchange data, often enabling functionality across different systems or services. APIs define how requests and responses are structured, making it possible for programs to interact without direct user involvement. In cybersecurity, APIs are commonly exposed over networks as endpoints that handle sensitive operations like data retrieval, user authentication, or transaction processing.
APIs increase the attack surface by exposing endpoints that attackers can target with unauthorized access attempts, injection attacks, or denial-of-service. Common risks include weak or missing authentication, insufficient input validation, and improper rate limiting. Effective API security requires strong authentication protocols (e.g., OAuth), strict input validation to prevent injection, rate limiting to mitigate abuse, and comprehensive logging to detect anomalies. Protecting APIs is critical to prevent data leaks, privilege escalation, and service disruption in interconnected environments.
New finding comes amid report of overall surge in threats targeting mobile and IoT devices over the past year.
Please stop leaving credentials where miscreants can find them Want to build your own army? Engineers at CloudSEK have published a report on how to do just that in terms of bots and Twitter, thanks to API keys leaking from applications.…
Security oversight could enable account takeovers
Cybersecurity researchers have uncovered a set of 3,207 mobile apps that are exposing Twitter API keys to the public, potentially enabling a threat actor to take over users' Twitter accounts that are associated with the app. [...]
Researchers have uncovered a list of 3,207 apps, some of which can be utilized to gain unauthorized access to Twitter accounts