CloudSEK, a cybersecurity company, recently discovered that 3,207 apps are exposing Twitter keys and putting thousands of accounts at risk of being hacked.
The company explained that when apps are created, they are given a special security key that allows them to freely interact with Twitter’s API. This key is meant to be hidden before launch; apps that fail to do so put Twitter accounts at risk.
An exposed key allows a hacker to access the account, create DMs and like/dislike tweets. They can even read the account's own DMs. Tweets can be deleted, the screenshot can be changed and even account settings can be accessed.
CloudSEK believes that an entire army could be created from these accounts. This can be done by hacking authentic accounts, increasing their following and then posting content or spam that will be used to influence public opinion.
The security company recommended that app developers use an API key rollover. This will cause the keys to disappear or become invalid when they have not been used for a long time.
The affected apps span all types, including GPS apps, news apps, book apps and even restaurant apps.
When it discovered this, CloudSEK immediately informed all affected applications. However, it was to no avail. Very few apps acknowledged the notification and even fewer did anything to fix it.
In such a situation, we are not sure what would be better. Should Twitter stop sharing its API keys altogether? Or should they only be distributed to trusted and responsible developers? But again, there’s no way of knowing who to hand the keys over to. We hope developers will be more responsible in the future and protect their apps as well as their users.