
New research from security firm CloudSEK shows that more than 3,200 mobile applications were leaking Twitter API (Application Programming Interface) keys, which can be used to gain access to and take over user accounts.
The research highlights how these API keys could be used to create an army of Twitter bots and potentially wage some kind of misinformation war, something we have all probably grown a little too familiar with in the last few years.
Researchers learned that 3,207 apps were leaking valid Consumer Key and Consumer Secret information. Of those, 230 were leaking all four authorization credentials and could be used to fully take over Twitter accounts. Once taken over, threat actors could perform actions such as: