I'm not even mad, that's amazing.
Step 1: Scan GitHub for Twitter API credentials
Step 2: Compromise 6'500 Twitter accounts
Step 3: Have them retweet a tweet pointing to your research
If you don't remember retweeting this, it means that you have leaked your Twitter Access Token in a public GitHub repository. Not the best practice, right? For details, read our latest article: link.medium.com/L1VvZmhb5mb #InfoSec #CyberSecurity #GitHub
Replying to @christophetd
That's gotta have contravened some usage policy rules though right? I hope they don't get slapped by Twitter for this. Frankly Twitter ought to be trawling GitHub and GitLab from time to time and revoking any tokens they find.

Jan 25, 2022 · 5:01 PM UTC