Ramblings about security, rants about insecurity, occasional notes about reverse engineering, and of course, musings about malware. What more could you ask for?
Tuesday, July 10, 2018
It's 10pm, do you know where your API keys are?
Yesterday, the social media archival service Timehop announced that it had suffered a breach. The service lets users look back through their social media feeds to see, for instance, what was happening last year. To facilitate this, Timehop stores API keys for users' social media accounts. Timehop did a great job disabling any API keys it thought might have been accessed. Still, this breach highlights the risks of compromises in increasingly connected applications. In this video, we discuss some recommendations for individuals and organizations to inventory and understand API key usage for connected applications.