Threat detection company CloudSEK has found tens of applications with hardcoded admin secrets and thousands of applications that leak Algolia API keys, both of which could allow hackers to steal the data of millions of users.
The Algolia API enables businesses to add features like search, discovery, and recommendations to their applications. Over 11,000 businesses, including Lacoste, Slack, Medium, and Zendesk, use the API. According to CloudSEK, 1,550 applications exposed Algolia API keys, including 32 applications with hardcoded admin passwords that gave attackers access to predefined Algolia API keys.
Also Read: Four Effective Ways for Organizations to Address Rising API Bot Attacks
According to CloudSEK, more than 2.5 million people downloaded the offending 32 apps, which could have exposed user data to malicious attacks.
Read More: Leaked Algolia API Keys Exposed Data of Millions of Users
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
