Twitter has recently confessed another security glitch in its systems. Specifically, Twitter now warns of a potential API key leak affecting Twitter developer apps.
Twitter Warns of API Key Leak
In an email to the developers, Twitter has alerted them of a possible API key leak via the developer.twitter.com site. The leak might have happened due to a glitch that let the browsers store API keys inside the cache.
As stated in their email to the developers, the stored information may include access token and other details as well.
Depending on what pages you visited and what information you looked at, this could have included your app’s consumer API keys, as well as the user access token and secret for your own Twitter account.
Hence, in case a user has visited a shared computer, then the browser might have exposed the API keys.
If someone who used the same computer after you in that temporary timeframe knew how to access a browser’s cache, and knew what to look for, it is possible they could have accessed the keys and token that you viewed.
However, this issue does not impact anyone who had not used a shared computer.
Here is a copy of the email that Twitter sent to the developers.
https://twitter.com/davegershgorn/status/1309530150128754688
What Should You Do?
For those who believe this issue may have affected them, Twitter advises regenerating the app keys and tokens.
For now, Twitter confirms no compromise of such information.
We currently have no evidence that your developer app keys and tokens were compromised.”
Whereas, to prevent such incidents from happening again, Twitter had changed the caching instructions of the site. Thus, in the future, the site will prevent the browser from storing such data.
In April 2020, Twitter disclosed a similar bug that potentially exposed users’ data shared via private direct messages. That time too, the glitch happened as Twitter allowed the Firefox browser to store data in cache. Twitter rectified the bug by preventing the Firefox browser from storing such data.
