Millions of Twitter accounts could be at risk of attack due to these security flaws TechRadar
By Sead Fadilpašić, published 2 August 2022

Thousands of apps are leaking sensitive data

Thousands of apps are leaking Twitter API keys, giving attackers the chance to completely take over those accounts and use them for identity theft or other types of cyber-fraud.

The findings come courtesy of cybersecurity experts CloudSEK, which found a total of 3,207 mobile apps leaking valid Consumer Keys, as well as Consumer Secrets, for the Twitter API.

Various mobile apps offer integration with Twitter, allowing those apps to perform certain actions in the users' stead. The integration is done through the Twitter API, with the help of Consumer Keys and Secrets. By leaking this type of data, the apps potentially allow threat actors to tweet, send and read direct messages, and perform similar actions.

In theory, CloudSEK explains, a threat actor could amass an "army" of Twitter endpoints that would promote a scam or a malware campaign by tweeting, retweeting, reaching out via DMs, etc.

Millions of downloads

The researchers said the apps in question include e-banking apps, city transportation apps, radio tuners, and similar, and have between 50,000 and five million downloads each. In other words, millions of Twitter accounts are most likely at risk.

All of the app owners have been notified, but most of them failed to even acknowledge being notified, let alone address the issue.
Ford Motors is one of the companies that fixed the problem fast, on its Ford Events app, it was said.

Until other apps fix the issue, the list of the apps will not be made public.

API leaks, the researchers added, are usually the result of errors in app development. Sometimes, developers embed Twitter API authentication keys in their apps and later forget to remove them.

To prevent such leaks, CloudSEK recommends devs use API key rotation, which would render exposed keys invalid after some time.

Via: BleepingComputer