CloudSEK Logo
November 21, 2022

Hardcoded Algolia API Keys Could be Exploited by Threat Actors to Steal Millions of Users’ Data

Algolia's API is used by companies to incorporate search, discovery, and recommendations into their voice, mobile, and website applications. It is currently used by over 11,000 companies, including Lacoste, Stripe, Slack, Medium, and Zendesk to manage ~1.5 trillion search queries a year.

However, CloudSEK's BeVigil, the first security search engine for mobile apps in the world has identified 1550 apps that leaked Algolia API Keys. Out of which, 32 apps, with millions of downloads, have hardcoded keys that can be exploited by threat actors to steal the data of millions of users.

Media Mentions

Authors & Contributors

No items found.
Downloadable Report

Download the Report

Download the report by clicking below.
The Download will start immediately.
Download Now
Schedule a Demo

Join our newsletter

Sign up so that you don't miss any updates from us

Hardcoded Algolia API Keys Could be Exploited by Threat Actors to Steal Millions of Users’ Data

Algolia's API is used by companies to incorporate search, discovery, and recommendations into their voice, mobile, and website applications. It is currently used by over 11,000 companies, including Lacoste, Stripe, Slack, Medium, and Zendesk to manage ~1.5 trillion search queries a year.

Download ReportSchedule a demo

Algolia's API is used by companies to incorporate search, discovery, and recommendations into their voice, mobile, and website applications. It is currently used by over 11,000 companies, including Lacoste, Stripe, Slack, Medium, and Zendesk to manage ~1.5 trillion search queries a year.

However, CloudSEK's BeVigil, the first security search engine for mobile apps in the world has identified 1550 apps that leaked Algolia API Keys. Out of which, 32 apps, with millions of downloads, have hardcoded keys that can be exploited by threat actors to steal the data of millions of users.

Media Mentions

This is some text inside of a div block.

Hardcoded Algolia API Keys Could be Exploited by Threat Actors to Steal Millions of Users’ Data

November 21, 2022
This is some text inside of a div block.
min

Algolia's API is used by companies to incorporate search, discovery, and recommendations into their voice, mobile, and website applications. It is currently used by over 11,000 companies, including Lacoste, Stripe, Slack, Medium, and Zendesk to manage ~1.5 trillion search queries a year.

However, CloudSEK's BeVigil, the first security search engine for mobile apps in the world has identified 1550 apps that leaked Algolia API Keys. Out of which, 32 apps, with millions of downloads, have hardcoded keys that can be exploited by threat actors to steal the data of millions of users.

Media Mentions

This is some text inside of a div block.
This is some text inside of a div block.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.