Twitter, which is among the most popular social media platforms with more than 200 million daily active users, is frequently preferred all over the world, including our country. The platform, which includes many users, has also become the target of some attacks. The last danger that concerns millions of Twitter users has been revealed recently.
Attackers can easily access Twitter accounts through some applications.
According to the research, it was revealed that thousands of applications leaked Twitter API keys. This gives attackers the chance to completely hijack their Twitter accounts and use them for identity theft or other forms of cyber fraud.
Twitter has taken a new step for its editing feature!
Twitter has taken a new step with its editing feature. So it will be possible to see if a Tweet has been edited.
Research by CloudSEK revealed the existence of a total of 3,207 mobile apps that leaked valid user passwords and secrets for the Twitter API. Various mobile applications offer integration with Twitter and can perform certain actions on behalf of users.
Apps that leak such data potentially allow third-party people to tweet, send and read direct messages, and more. CloudSEK states that in this way, some people may promote a fraud or malware campaign through other accounts.
Researchers reveal that these applications serve in many areas such as e-banking, navigation, radio and so on. Each of these apps has already been downloaded between 50,000 and five million times.
With all this, we can say that millions of Twitter accounts are at great risk. All application owners have been informed about the issue. However, it is stated that most application owners do not accept the problem. On the other hand, it was reported that the Ford brand quickly eliminated the gap in the Ford Events application.
It is stated that the list of applications will not be shared until other applications fix the problem. The researchers stated that API leaks are often the result of errors in application development. It is stated that some developers transferred their authentication keys to the Twitter API and then forgot to remove them.
It is expected that this issue will be resolved more broadly in the coming days. So what do you think about this subject? You can share your views with us in the comments section.