Twitter accounts fall prey to hijackers with 3200 apps exposing Twitter keys

CloudSEK, a cybersecurity company, recently found out that 3207 applications are exposing Twitter keys and putting thousands of accounts at risk of being hacked.

The company explained that when apps are made, they are given a special security key that will allow them to interact freely with Twitter API. Although this is meant to be erased before launching, when apps fail to do so, they put Twitter accounts at risk.

The user of the account will be allowing the hacker to log into their account, create DMs and like/dislike tweets. They can even access their DMS. Tweets can be deleted, the display picture can be changed, and even account settings can be accessed.

CloudSEK believes that using these accounts, a whole army can be created. This can be done by hacking authentic accounts, increasing the following, and then posting spam content or content that will be used to influence public opinion.

The security company recommended app developers use an API key rotation. This will make the keys disappear or turn invalid when they haven't been used for a long time.

The applications in question that have been affected include all kinds of applications. These include GPS applications, news applications, book applications, and even restaurant applications.

When finding this out, CyberSEK immediately informed all the affected apps. However, it was of no use. There were very few apps that acknowledged the notice and even fewer that did something to fix it.

In such a situation, we are not sure what would be better. Should Twitter stop sharing its API keys altogether? Or should they be handed out only to trusted and responsible developers? But then again, there is no way of knowing who to hand out the keys to. We just hope developers will be more responsible in the future and protect their app as well as their users.


Read next: These Three New Twitter Tools Are Helping Researchers Visualize Information For Free
Previous Post Next Post