It was recently disclosed that thousands of social media apps are actively leaking Algolia API keys, and various other applications with hardcoded admin secrets, which allows threat actors to steal the important credentials of millions of users.
The research analysed 600 applications on the Google Play store and it was found that 50% were leaking application programming interface (API) keys of three popular transactional and marketing email service providers.
According to the data, 1,550 applications have been listed that disclosed Algolia API keys, of which 32 applications had hardcoded admin secrets, providing malicious actors access to pre-defined Algolia API keys.
Malicious actors could exploit the data to read important user information, such as IP addresses, analytics data, and access details, they could also delete user information.
As per the recent study by Salt Security, “malicious API attack traffic surged 117% over the past year, from an average of 12.22 million malicious calls per month to an average of 26.46 million calls.”
On Monday, three famous transactional and marketing email service providers – Mailgun, Sendgrid, and MailChimp disclosed that more than 54 million mobile app users are at potential risk worldwide, including from India.
Users from the United States have downloaded these apps the most, followed by the UK, Spain, Russia, and India, leaving over 54 million mobile app users vulnerable.