Shulou(Shulou.com)11/24 Report--

Thanks to CTOnews.com netizen Coje_He for the clue delivery! CTOnews.com, December 21 / PRNewswire-FirstCall-Asianet /-- AI cyber security company CloudSEK recently surveyed 600 popular Android App on Google Play and found that about 50% of App used API keys from three of the most popular email marketing service applications.

CTOnews.com learned that the full name of API is Application programming Interface (application programming interface), which allows applications and services to work together seamlessly in the background and third-party websites.

API is the type of application that online companies and services use to collect customer contact information and manage external marketing activities, which means that a lot of fragile data is transmitted through API keys.

CloudSEK surveyed the App of Google Play through its own BeVigil security engine and found that about half of the App used the API keys of Mailchimp, Sendgrid and Mailgun. There are loopholes in these three API keys, which can pass sensitive data to malicious third parties, thus affecting the security of users and becoming the target of network swindlers.

The affected App has been downloaded more than 5400 times, and each of these App now has the potential to disclose any and all details through the API key. According to CloudSek, the vulnerability could enable malicious actors to read emails, steal customer data, access email lists, and even conduct email marketing campaigns on behalf of affected companies. This last means that users exposed in this way will be particularly vulnerable to complex phishing activities that will be very difficult to detect.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.