Published On: Sat, Sep 26th, 2020

Twitter warns developers that their private keys and comment tokens might have been exposed

Twitter has emailed developers warning of a bug that might have unprotected their private app keys and comment tokens.

In a email, performed by TechCrunch, a amicable media hulk pronounced that a private keys and tokens might have been improperly stored in a browser’s cache by mistake.

“Prior to a fix, if we used a open or common mechanism to perspective your developer app keys and tokens on developer.twitter.com, they might have been temporarily stored in a browser’s cache on that computer,” a email read. “If someone who used a same mechanism after we in that proxy timeframe knew how to entrance a browser’s cache, and knew what to demeanour for, it is probable they could have accessed a keys and tokens that we viewed.”

The email pronounced that in some cases a developer’s entrance token for their possess Twitter comment might have also been exposed.

The email sent by Twitter to influenced developers. (Screenshot: TechCrunch)

These private keys and tokens are deliberate secret, only like passwords, since they can be used to correlate with Twitter on interest of a developer. Access tokens are also rarely sensitive, since if stolen they can give an assailant entrance to a user’s comment though wanting their password.

Twitter pronounced that it has not nonetheless seen any justification that these keys were compromised, though alerted developers out of an contentment of caution. The email pronounced users who might have used a common mechanism should renovate their app keys and tokens.

It is not immediately famous how many developers were influenced by a bug or accurately when a bug was fixed. A Twitter orator would not yield a figure.

In June, Twitter pronounced that business customers, such as those who publicize on a site, might have had their private information also improperly stored in a browser’s cache.

A hacker used Twitter’s possess ‘admin’ apparatus to widespread cryptocurrency scam

About the Author