The API keys are used to make payments.

The exposed API key ID and secret allows attackers to carry out transactions without the knowledge of the app owners.

“This is a serious threat as it can be abused by anyone who gets access to this information,” researchers said in their blog post. “If an attacker gets hold of these details, he/she can easily perform fraudulent transactions on behalf of any user whose payment information has been leaked due to this vulnerability

Back to Main