A recent security report revealed that some Android and iOS mobile apps contain hard-coded Twilio credentials, potentially exposing associated account data to unauthorized parties. The issue is not with the Twilio platform itself, but rather a mistake made by developers who didn't follow best practices for securing API keys. Fortunately, if developers have taken steps to secure their APIs, their accounts are safe from this risk. Twilio offers resources and support to help developers re-architect their apps, check for suspicious activity, and rotate their API keys to mitigate the issue.