Twitter has warned developers that their API keys, access tokens, and access token secrets may have been exposed in a browser’s cache. The company has notified developers of this by email.
Twitter states that developers' browsers may have cached the sensitive data when they accessed certain pages on developer.twitter.com.
The developer.twitter.com portal lets developers manage their apps and attached API keys, along with the access token and secret key for their account.
The company has already fixed the problem by preventing the data from being cached in the browser. The email notification informs users that other people who accessed a machine used by a developer in the past might have been able to access security tokens and API keys.
If security tokens and API keys are obtained, they could let an app access data for a specific account.
According to the email sent by Twitter, before the issue was fixed, if a user used a public or shared computer to view their developer app keys and tokens on developer.twitter.com, they may have been temporarily stored in the browser’s cache on that computer. If another person used the same computer after that user in that temporary timeframe, and knew how to access a browser’s cache, then they could have accessed the keys and tokens viewed by the user.
Based on the pages you visited, this could have included your app consumer API keys, as well as the user access token and secret for your own Twitter account.
Twitter claims that there is no evidence of developer app keys and tokens being compromised. However, it recommends that users regenerate API keys and access tokens.
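One way a site operator can check their own pages for this class of problem, as an added example that is not from Twitter or the original article: the script audits response headers and flags any secret-bearing page a browser is still allowed to write to its cache. The paths and header values are constructed samples, and the article does not say which headers Twitter changed.

```python
# Added example: find secret-bearing pages a browser may keep in its cache.
# Paths and header values are constructed samples, not Twitter's real responses.

def parse_cache_control(value):
    """Map lower-cased Cache-Control directive names to their argument or None.

    Simplification: splits on commas, so quoted arguments that themselves
    contain commas are not handled.
    """
    directives = {}
    for part in (value or "").split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def browser_may_store(headers):
    """True if a private (browser) cache is permitted to keep the response."""
    # HTTP header names are case-insensitive.
    normalized = {k.lower(): v for k, v in headers.items()}
    directives = parse_cache_control(normalized.get("cache-control"))
    # Only no-store forbids writing the response at all. private, no-cache and
    # max-age=0 limit sharing or reuse, but the body can still sit on disk
    # where the next person on a shared computer can read it.
    return "no-store" not in directives

def audit(responses):
    """Return the sorted paths whose responses could remain in a browser cache."""
    return sorted(p for p, h in responses.items() if browser_may_store(h))

# Constructed sample: path -> response headers captured from a test request.
SAMPLE_RESPONSES = {
    "/example/apps/keys": {"Cache-Control": "private, max-age=0"},
    "/example/apps/tokens": {"cache-control": "no-cache"},
    "/example/apps/settings": {"Cache-Control": "no-store, private"},
    "/example/apps/legacy": {},  # no header: heuristic caching is allowed
}

if __name__ == "__main__":
    for path in audit(SAMPLE_RESPONSES):
        print(f"cacheable response on secret-bearing page: {path}")
```
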
Image Credits: Digital Market Asia