Tuesday, July 10, 2018

It's 10pm, do you know where your API keys are?


Yesterday, the social media archival service Timehop announced that they had suffered a breach. The service allows users to look back through their social media feeds to see what was happening last year for instance. In order to facilitate this, Timehop stores API keys for users' social media accounts. Timehop did a great job disabling any API keys they thought may have been accessed. Still, this breach highlights the risks of compromises in increasingly connected applications. In this video, we discuss some recommendations for individuals and organizations to inventory and understand API key usage for connected applications.