Mobile apps increasingly expose sensitive AWS API keys, putting over 100 million users at risk. CloudSEK’s BeVigil discovered that 0.5 percent of all mobile apps publicly reveal these keys, allowing attackers to access internal networks, databases, and user information. Because AWS is widely used by major organizations and governments, exposed credentials can enable threat actors to intercept data, manipulate cloud resources, or launch further attacks. This flaw often results from poor developer practices, misconfigured access permissions, and insecure app design, highlighting the urgent need for stronger security checks and proper handling of cloud credentials.

Join for free to read