Researchers spotted over 3,000 apps that leak Twitter API Keys

August 5, 2022

Researchers have found more than 3,000 mobile apps that leak Twitter API credentials, which threat actors could use to gain unauthorised access to Twitter accounts. A cybersecurity firm reported that account takeover was possible because the apps embed valid Consumer Key and Consumer Secret values.

The researchers found that, of the roughly 3,200 applications examined, 230 leak all four authentication credentials (Consumer Key, Consumer Secret, Access Token and Access Token Secret), which is enough for an attacker to take over the associated Twitter accounts. This poses a significant threat to Twitter users, since anyone exploiting the leaked credentials would gain access to direct messages and the other features the platform exposes through its API.

Threat actors exploiting the Twitter API need a specific set of credentials.

To call the Twitter API, an application must present keys and access tokens: the Consumer Key and Consumer Secret identify the application, and the Access Token and Access Token Secret identify the user who authorised it. Together these four values act as the username and password of both the application and the user on whose behalf each API request is made.
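To make concrete how the four values combine, the following is an added example (not code from the original article or from the researchers) of the OAuth 1.0a HMAC-SHA1 signing scheme the Twitter v1.1 API uses. The credential values, nonce and timestamp are constructed placeholders, not real keys. It shows why leaking only the Consumer Key and Secret exposes the application, while leaking all four lets an attacker sign requests as the user: the token secret is half of the HMAC key.

```python
import base64
import hashlib
import hmac
import secrets
import time
from typing import Mapping, Tuple
from urllib.parse import quote

# Constructed placeholder credentials of the kind the report says were embedded in apps.
# These are not real keys; the values are made up for this example.
LEAKED_CREDS = {
    "consumer_key": "consumerKey123",               # identifies the application
    "consumer_secret": "consumerSecret456",         # proves the request comes from that app
    "access_token": "accessToken789",               # identifies the user who authorised the app
    "access_token_secret": "accessTokenSecret000",  # proves the request is made on that user's behalf
}


def percent_encode(value: str) -> str:
    """RFC 3986 encoding as OAuth 1.0a requires: only A-Z a-z 0-9 - . _ ~ are left bare."""
    return quote(str(value), safe="")


def oauth1_signing_key(consumer_secret: str, token_secret: str = "") -> str:
    """The HMAC key is the consumer secret and the token secret joined by '&'.

    With only the consumer secret (app-only access) the key ends in a bare '&',
    so signatures for user-context endpoints cannot be produced; with the token
    secret as well, every request can be signed as that user."""
    return f"{percent_encode(consumer_secret)}&{percent_encode(token_secret)}"


def oauth1_base_string(method: str, url: str, params: Mapping[str, str]) -> str:
    """Signature base string: METHOD & encoded URL & encoded, key-sorted parameter string."""
    encoded = sorted((percent_encode(k), percent_encode(v)) for k, v in params.items())
    param_string = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), percent_encode(url), percent_encode(param_string)])


def oauth1_sign(method: str, url: str, request_params: Mapping[str, str],
                creds: Mapping[str, str], nonce: str = None,
                timestamp: str = None) -> Tuple[str, str]:
    """Build the Authorization header for a request signed with the given credentials.

    Returns (header, base_string). nonce and timestamp may be pinned so the
    output is reproducible; in real use they are fresh per request."""
    oauth_params = {
        "oauth_consumer_key": creds["consumer_key"],
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": timestamp or str(int(time.time())),
        "oauth_version": "1.0",
    }
    if creds.get("access_token"):          # absent for app-only requests
        oauth_params["oauth_token"] = creds["access_token"]
    base = oauth1_base_string(method, url, {**request_params, **oauth_params})
    key = oauth1_signing_key(creds["consumer_secret"], creds.get("access_token_secret", ""))
    digest = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    oauth_params["oauth_signature"] = base64.b64encode(digest).decode()
    header = "OAuth " + ", ".join(
        f'{percent_encode(k)}="{percent_encode(v)}"' for k, v in sorted(oauth_params.items())
    )
    return header, base


if __name__ == "__main__":
    # Sign a status update on behalf of the user whose tokens were leaked.
    header, _ = oauth1_sign("POST", "https://api.twitter.com/1.1/statuses/update.json",
                            {"status": "Hello, world!"}, LEAKED_CREDS)
    print(header)
```

Nothing in the signature depends on the device or app that originally held the keys, which is why a copy of all four strings lifted from a decompiled APK is a complete credential for the account.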

A malicious entity that acquires these credentials could assemble a bot army of hijacked accounts and use it to spread fake news and disinformation on the platform. The researchers noted that account takeovers at this scale would be a serious threat to the authenticity of every post made from the affected accounts.

Furthermore, API keys and tokens stolen from mobile apps can be fed into tooling that runs malware campaigns through verified accounts, targeting those accounts' followers. Security teams should also note that the leaks are not limited to Twitter: the same insecure mobile applications were found to expose secret keys for AWS, HubSpot, Razorpay and GitHub accounts.

A separate researcher explained that environment variables are an alternative way to reference keys without embedding them in source files, which saves time and reduces the risk of exposure. Security teams should take care that the files holding those environment variables (for example .env files) are not checked into source control or packaged into the application.

Experts recommend reviewing code for hard-coded API keys and rotating keys regularly, which limits the damage a leaked key can do and reduces the number of similar attacks.
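The review and the environment-variable advice above can be turned into a repeatable check. The following is an added example, not code from the article or the researchers: a scanner that walks an extracted or decompiled app tree looking for string literals assigned to credential-named identifiers, flags literals whose shape matches the historical formats of the four Twitter credentials, and flags any .env file shipped in the bundle, plus the corresponding fix that reads the four values from the environment at runtime. The sample tree and every key in it are constructed placeholders; the length patterns are a heuristic assumption, not an official specification.

```python
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Mapping, Optional

# A quoted string literal assigned to an identifier, covering Java/Kotlin (NAME = "..."),
# Python/Gradle (name = '...') and JSON/YAML ("name": "...") styles.
ASSIGN_RE = re.compile(
    r'(?P<name>[A-Za-z_][A-Za-z0-9_]*)["\']?\s*[:=]\s*["\'](?P<value>[^"\']+)["\']'
)
# Identifier names that suggest an API credential.
CRED_NAME_RE = re.compile(r"(?i)(consumer|access|api|app)_?(key|secret|token)")
# Heuristic value shapes for the four Twitter (OAuth 1.0a) credentials. The lengths are
# an assumption drawn from the historical format of Twitter keys, not a guarantee.
SHAPES = {
    "consumer_key": re.compile(r"^[A-Za-z0-9]{25}$"),
    "consumer_secret": re.compile(r"^[A-Za-z0-9]{50}$"),
    "access_token": re.compile(r"^[0-9]{5,20}-[A-Za-z0-9]{40}$"),
    "access_token_secret": re.compile(r"^[A-Za-z0-9]{45}$"),
}

# Constructed app tree ({path: contents}) standing in for a decompiled APK. All values are fake.
SAMPLE_TREE = {
    "app/src/main/java/com/example/TwitterClient.java": "\n".join([
        "public class TwitterClient {",
        '    static final String CONSUMER_KEY = "FAKEconsumerKey1234567890";',
        '    static final String CONSUMER_SECRET = "FAKEconsumerSecretabcdefghijklmnopqrstuvwxyz012345";',
        '    static final String ACCESS_TOKEN = "1234567890123456-FAKEaccessTokenabcdefghijklmnopqrstuvwxy";',
        '    static final String ACCESS_TOKEN_SECRET = "FAKEaccessTokenSecretabcdefghijklmnopqrstuvwx";',
        "}",
    ]),
    "app/src/main/java/com/example/SafeClient.java": "\n".join([
        "public class SafeClient {",
        '    String endpoint = "https://api.twitter.com/2/tweets";',
        '    String key = System.getenv("TWITTER_CONSUMER_KEY");',
        "}",
    ]),
    # An environment file that was packaged into the build by mistake.
    "app/.env": "TWITTER_CONSUMER_KEY=FAKEconsumerKey1234567890\nTWITTER_CONSUMER_SECRET=placeholder\n",
}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int      # 0 for file-level findings
    kind: str
    detail: str


def classify(value: str) -> Optional[str]:
    """Return the Twitter credential shape a literal matches, if any."""
    for kind, pattern in SHAPES.items():
        if pattern.match(value):
            return kind
    return None


def scan_tree(files: Mapping[str, str]) -> List[Finding]:
    """Scan an extracted app tree for embedded credentials and shipped env files."""
    findings: List[Finding] = []
    for path, content in files.items():
        # A .env file inside the bundle ships every secret it holds to anyone who unzips the app.
        if os.path.basename(path) == ".env" or path.endswith(".env"):
            findings.append(Finding(path, 0, "shipped_env_file", "environment file packaged with the app"))
        for lineno, line in enumerate(content.splitlines(), start=1):
            for m in ASSIGN_RE.finditer(line):
                name, value = m.group("name"), m.group("value")
                shape = classify(value)
                if shape:
                    findings.append(Finding(path, lineno, shape, f"{name} holds a literal of {shape} shape"))
                elif CRED_NAME_RE.search(name):
                    findings.append(Finding(path, lineno, "credential_named_literal", f"{name} assigned a string literal"))
    return findings


REQUIRED_ENV = (
    "TWITTER_CONSUMER_KEY", "TWITTER_CONSUMER_SECRET",
    "TWITTER_ACCESS_TOKEN", "TWITTER_ACCESS_TOKEN_SECRET",
)


def load_twitter_credentials(env: Mapping[str, str] = os.environ) -> Dict[str, str]:
    """The fix: read the four values from the environment at runtime, never from the binary.
    Fails closed if any value is missing rather than falling back to a built-in default."""
    missing = [name for name in REQUIRED_ENV if not env.get(name)]
    if missing:
        raise RuntimeError(f"missing credentials in environment: {', '.join(missing)}")
    return {name[len("TWITTER_"):].lower(): env[name] for name in REQUIRED_ENV}


if __name__ == "__main__":
    for f in scan_tree(SAMPLE_TREE):
        print(f"{f.path}:{f.line}: {f.kind}: {f.detail}")
```

Run against the constructed tree, the scanner reports the four literals in TwitterClient.java and the packaged .env file, and nothing for SafeClient.java. One caveat for mobile code specifically: an environment variable protects a build server or backend, but anything that ends up inside the shipped package is extractable, so user-level Twitter tokens should never be baked into the client at all; the app should call a backend that holds them and proxies the API requests.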
