But tech experts are skeptical. The authenticity of the leak is questioned by many users and experts, who point to typos, technical flaws, and suspicious timing. Cybersecurity firm cloudsek found 3,207 mobile apps that expose twitter api keys to the public, enabling threat actors to access and manipulate users' twitter accounts The apps include city transportation companions, radio tuners, book readers, and more, and most developers have not fixed the issue. Cloudsek researchers said the leaked api keys could be used to build a 'bot army' on twitter to spread misinformation and malware. Security researchers have discovered over 3200 mobile apps which are leaking twitter api keys, potentially enabling threat actors to perform account takeovers
Twitter apis enable developers to access the social media app in order to embed various bits of its functionality into their own software. A brute force approach using phone numbers, which would involve testing every number within a country's addressable phone number space, may have been too intensive and triggered rate limits on twitter's api Being selective about which email addresses to run through twitter's leaky api may have resulted in more positive matches. Experts in cybersecurity have discovered a group of 3,207 mobile apps that expose twitter api keys to the general populace, potentially allowing a threat actor to take control of users' twitter accounts linked to the app The finding was made by cybersecurity company cloudsek, which examined extensive app sets for potential data leaks and discovered […]
OPEN
