Security News > 2020 > September > Twitter Says Bug Leading to API Key Leak Patched
Twitter last week started sending emails to developers to inform them of a vulnerability that might have resulted in the disclosure of developer information, including API keys.
Designed to provide developers using the Twitter platform and APIs with access to documentation, community discussion, and other type of information, the portal also offers app and API key management functionality.
In the email sent to developers, Twitter revealed that the addressed issue resulted in app keys and tokens being stored in the browser's cache, thus potentially resulting in their leak.
"Prior to the fix, if you used a public or shared computer to view your developer app keys and tokens on developer.twitter.com, they may have been temporarily stored in the browser's cache on that computer. If someone who used the same computer after you in that temporary timeframe knew how to access a browser's cache, and knew what to look for, it is possible they could have accessed the keys and tokens that you viewed," Twitter told developers.
According to the company, app consumer API keys, along with user access tokens and secrets for the developers' own Twitter accounts might have been affected by the issue.