Twitter: a flaw present in more than 3200 applications makes it easy to hack your account

Beware of applications that connect to your Twitter account: they can be a real gold mine for hackers. CloudSEK cybersecurity researchers have discovered a flaw, present in more than 3,200 applications, that exposes the authentication keys used to access Twitter on users' behalf. Despite the alert, most of these applications have not yet patched the vulnerability.


A new discovery from the cybersecurity experts at CloudSEK sends shivers down the spine. According to their estimates, at least 3,207 smartphone applications contain a flaw allowing any hacker to easily take control of users’ Twitter accounts. The researchers explain that, when integrating Twitter into an application, developers use authentication keys, also called tokens, which allow the application to interact with the social network’s API.

These tokens are what allow end users to interact with Twitter through the application, whether to log in, post tweets, and so on. In other words, they are extremely powerful and therefore particularly dangerous if a malicious individual gets hold of them. This is why the vast majority of developers do not store their tokens within their applications, so that hackers cannot find them by digging into the source code.
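One way a developer can check a build for Twitter credentials left in its files before release (an added example, not code from CloudSEK or from this article; the key names, value shape, file paths and sample values are assumptions constructed for illustration):

```python
import math
import re
from collections import Counter

# Assumed naming habits for Twitter credentials; adapt to your project.
NAME_HINT = re.compile(r"twitter|consumer[_-]?(key|secret)|access[_-]?token", re.I)
# Assumed value shape: 20+ letters, digits or hyphens (skips ${VAR} references).
VALUE_SHAPE = re.compile(r"[A-Za-z0-9-]{20,}")
# name/value pairs: Android strings.xml, KEY = "value", and "key": "value".
PAIR_PATTERNS = [
    re.compile(r'<string\s+name="([^"]+)"[^>]*>([^<]+)</string>'),
    re.compile(r'([A-Za-z_][\w.-]*)\s*[:=]\s*["\']([^"\']+)["\']'),
    re.compile(r'"([^"]+)"\s*:\s*"([^"]+)"'),
]

def shannon_entropy(s):
    """Bits per character; repeated-character placeholders score near 0."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def find_embedded_credentials(files, min_entropy=3.0):
    """Return (path, line, name, redacted value) for each likely hardcoded secret."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for pattern in PAIR_PATTERNS:
                for name, value in pattern.findall(line):
                    value = value.strip()
                    ok = NAME_HINT.search(name) and VALUE_SHAPE.fullmatch(value)
                    if ok and shannon_entropy(value) >= min_entropy:  # drops "xxxx" filler
                        findings.append((path, lineno, name, value[:4] + "..."))
    return findings

# Constructed sample project files; the key-like strings are made up.
SAMPLE_FILES = {
    "res/values/strings.xml": """<resources>
    <string name="app_name">Bus Times</string>
    <string name="twitter_consumer_key">Qx7Lm2Zp9Rt4Vb6Nc8Hd1Fk3J</string>
    <string name="twitter_consumer_secret">${TWITTER_SECRET_FROM_CI}</string>
</resources>""",
    "assets/config.json": """{
  "twitterAccessToken": "aB3dE5gH7jK9mN1pQ2rS4tU6vW8xY0zC",
  "twitter_api_secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}""",
}

if __name__ == "__main__":
    for finding in find_embedded_credentials(SAMPLE_FILES):
        print("possible hardcoded credential:", finding)
```

The report prints only the first four characters of each value, so the scan output can be shared in a build log without leaking the credential again.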


These 3207 apps put your Twitter account at risk

Nevertheless, some developers simply forget to remove the tokens before making their application available. That is (probably) what happened with these 3207 applications. CloudSEK points out that they have between 50,000 and 5 million downloads. The organization did not wish to share the complete list, because the vast majority of the applications have not yet corrected the security flaw.

However, it specifies that these are applications for transport, newspapers, banks, radio, reading lights, or even diaries. If you have this type of application and your Twitter account is associated with it, we strongly recommend that you log out to avoid the worst. CloudSEK warns of the risks incurred if the breach is not closed, citing in particular the possibility of an army of fake accounts verified by Twitter spreading scams or fake news, even though these have disappeared from 73% of the social network in recent months.
