Twitter has warned developers by email about an error that may have exposed private application keys and account tokens.
The social media giant said in the email that the private keys and tokens may have been mistakenly stored in the browser’s cache.
The email says: “If you are using a public or shared computer to display developer application keys and tokens on developer.twitter.com [the portal where developers manage Twitter applications and the attached API keys], they may have been temporarily stored in the browser’s cache on this computer prior to the repair.”
“If someone knows how to access the browser’s cache, knows what to look for, and uses the same computer after you in that timeframe, then it is likely that they could have access to the keys and tokens that you saw.”
The email stated that in some cases, the access token for the developer’s own Twitter account might also have been exposed.
Just like passwords, these private keys and tokens must be kept confidential because they can be used to interact with Twitter on the developer’s behalf.
Access tokens are also very sensitive, because if they are stolen, they can give an attacker access to a user’s account without needing their password.
The platform said it has not yet seen any evidence of these keys being compromised, but it has alerted developers because it wants to make sure they are aware of what happened and what they can do to keep their apps and accounts secure.
The email said that users who may have used a shared computer should regenerate their application keys and tokens.
It is not immediately known how many developers were affected by this bug or exactly when the bug was fixed, and a Twitter spokesperson did not provide any number.
The platform said in June that business customers, such as those who advertise on the site, may have had their private information stored incorrectly in the browser cache.
Given that hundreds of billions of dollars in online business rely on APIs to run smoothly, this ubiquity makes APIs an attractive target for hackers trying to exploit vulnerabilities.
Twitter said it has changed the caching instructions that the site sends to developers’ browsers, so that browsers no longer store information about applications or accounts and this does not happen again.
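
The fix described above comes down to the cache directives a site sends with pages that display secrets. As an added example (not Twitter's code; the article does not say which headers were changed), this Python check assumes the standard HTTP Cache-Control header and uses constructed sample headers to flag responses a browser may still keep in its cache.

```python
# Added example: audit the headers of a page that displays secrets for
# directives that let a browser keep a copy. Sample headers are constructed.

def parse_cache_control(value):
    """Split a Cache-Control header into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit_sensitive_response(headers):
    """Return findings; an empty list means the browser is told not to store the page."""
    # HTTP header names are case-insensitive.
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    findings = []
    if "no-store" not in cc:
        findings.append("missing no-store: browser may write the page to its cache")
        if "no-cache" in cc:
            findings.append("no-cache only forces revalidation; a copy may still be stored")
        if "private" in cc:
            findings.append("private only excludes shared caches, not the local browser cache")
    if "public" in cc:
        findings.append("public explicitly allows any cache to store the response")
    return findings


# Constructed header sets for a hypothetical keys-and-tokens page.
SAMPLES = {
    "no header": {},
    "private only": {"Cache-Control": "private, max-age=0"},
    "revalidate only": {"cache-control": "no-cache, must-revalidate"},
    "hardened": {"Cache-Control": "no-store"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, "->", audit_sensitive_response(hdrs) or "OK")
```

On a shared computer the "private only" case is the instructive one: the directive keeps the page out of shared proxy caches but still permits the local browser cache, which is the location the email warns about.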