Twitter warns developers that their private keys and account tokens may have been exposed – ClearTips
Twitter Developers warning of a bug may have been made aware of their personal app keys and account tokens.
In an email obtained by ClearTips, the social media giant stated that private keys and tokens may have been incorrectly stored in the browser’s cache.
“Prior to the fix, if you used a public or shared computer to view the developer app keys and tokens on developer.twitter.com, they may be temporarily stored in the browser’s cache on that computer , “The email read. “If someone who uses the same computer after you in that temporary timeframe knows how to access the browser’s cache, and knows what to look for, then it’s possible that they saw you Access keys and tokens. “
The email states that in some cases the use of tokens for the developer’s own Twitter account may also be exposed.
These private keys and tokens are considered secret like passwords, as they can be used to interact with the developer on Twitter. Access tokens are also highly sensitive, because if stolen, they can give an attacker access to a user’s account without requiring their password.
Twitter said it had yet to see any evidence that these keys were compromised, but alerted developers to the abundance of vigilance. The email states that users who have used a shared computer should retrieve their app keys and tokens.
It is not immediately known how many developers were affected by the bug or exactly when the bug was fixed. A Twitter spokesperson would not provide a figure.
In June, Twitter said that business customers, such as those advertising on the site, may also have their personal information improperly stored in the browser’s cache.