Twitter warns developers that their private keys and account tokens may have been exposed

Twitter has emailed developers warning of a bug that may have exposed their private app keys and account tokens.

In the email, obtained by TechCrunch, the social media giant said that the private keys and tokens may have been improperly stored in the browser’s cache by mistake.

“Prior to the fix, if you used a public or shared computer to view your developer app keys and tokens on developer.twitter.com, they may have been temporarily stored in the browser’s cache on that computer,” the email read. “If someone who used the same computer after you in that temporary timeframe knew how to access a browser’s cache, and knew what to look for, it is possible they could have accessed the keys and tokens that you viewed.”

The email said that in some cases the developer’s access token for their own Twitter account may have also been exposed.

These private keys and tokens are considered secrets, just like passwords, because they can be used to interact with Twitter on behalf of the developer. Access tokens are also highly sensitive, because if stolen they can give an attacker access to a user’s account without needing their password.

Twitter said that it has not yet seen any evidence that these keys were compromised, but alerted developers out of an abundance of caution. The email said users who may have used a shared computer should regenerate their app keys and tokens.

It is not immediately known how many developers were affected by the bug or exactly when the bug was fixed. A Twitter spokesperson did not immediately comment when reached by TechCrunch.

In June, Twitter said that business customers, such as those who advertise on the site, may have had their private information also improperly stored in the browser’s cache.



from TechCrunch https://ift.tt/3cuccUF
