Twitter warns developers that private keys, account tokens may have been exposed
If developers have used a public or shared computer to view their app keys and tokens, they should regenerate them.
Twitter has emailed all developers warning of a bug that might have exposed their private app keys and account tokens, reports TechCrunch. According to the email, Twitter said that private keys and tokens may have been improperly stored in the browser's cache.
Twitter wrote in the email that prior to the bug being fixed, if developers used a public or shared computer to view the developer app keys and tokens on developer.twitter.com, those might have been temporarily stored in the browser's cache on that computer.
If someone used the same computer right after and knew how to access a browser's cache and knew what to look for, it is possible they could have accessed the keys and tokens the developers viewed, Twitter added.
Twitter added that, in some cases, developers' access tokens for their own Twitter accounts may also have been exposed.
Private keys and tokens are considered to be as sensitive as passwords, as they can be used to interact with Twitter. Access tokens are also highly sensitive because they can give an attacker access to a user's account without requiring a password.
Twitter mentioned that they have not seen any evidence of these keys being compromised yet but were alerting developers as a precaution. Thus, any developer who might have used a shared or public computer should regenerate their app keys and tokens.
It's not known exactly how many developers might have been affected by the glitch or when the bug was fixed.