Twitter API Keys exposed by over 3000+ mobile applications


Security research carried out by CloudSEK has found that over 3000+ mobile applications were exposing Twitter’s API keys, thus providing access to twitter accounts fraudulently. The research also found that among those, over 230 of them belonged to newly started companies that were found leaking authentication related credentials, allowing a complete takeover of twitter accounts.

CloudSEK researchers state that the leak of API keys could allow threat actors to sneak into the hacked accounts to sniff direct messages, retweet certain messages, delete them, like, remove or add followers, leading to serious consequences.

Furthermore, the cyber criminal can also hack into an account and add it to a list of twitter bot army that can later be used to spread hatred, fake information and cryptocurrency related phishing scams.

Meanwhile, the federal court in San Francisco has heard the trial of a former Twitter employee who is accused of sending sensitive details of a few Twitter users from UAE to a Prince in Saudi Arabia.

Ahmad Abouammo, a former employee of the social media network is alleged to have sent details such as username, IP address, email ID, location, date of birth and such to a Saudi Prince, who later used the information to state sponsored imprisonment and torture and secret prison term in 2015.

Now, the employee is no more linked to the social media giant and will face the trial for indulging in fraudulent practices in 2015.

NOTE- Currently, the disclosure of such details can influence the legal battle that is taking place between Twitter and Tesla Chief Elon Musk, over the former’s acquisition.


Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display