CloudSEK, a threat detection company, has identified thousands of applications that leak Algolia API keys and tens of applications with hardcoded admin secrets, which could allow attackers to steal the data of millions of users.
The Algolia API enables businesses to add features like search, discovery, and recommendations to their applications. Over 11,000 businesses, including Lacoste, Slack, Medium, and Zendesk, use the API. According to CloudSEK, 1,550 applications exposed Algolia API keys, including 32 applications with hardcoded admin passwords that gave attackers access to predefined Algolia API keys.
Also Read: Cyber Attackers Target Trusted Cloud Applications in This Digital Era
These flaws could be used by a threat actor to read user information, including IP addresses, access information, analytics data, and user information deletion.
Read More: Leaked Algolia API Keys Exposed Data of Millions of Users
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.