Security News > 2020 > September > Twitter Warns Developers of API Bug That Exposed App Keys, Tokens

Twitter developers are being warned of a security bug that may have exposed their applications' credential information - including sensitive application keys and access tokens.

These applications allow Twitter users to incorporate multiple platforms into their Twitter account - for instance, OutTwit, a Windows application, allows users to access Twitter via Outlook.

"If you used a shared computer to visit developer.twitter.com with a logged-in Twitter account, we recommend that you regenerate your app keys and tokens," said Twitter in its Friday notice.

Application programming interface keys are a unique identifier used to authenticate a user, developer, or calling program to an API. Twitter has said in a description of its Twitter API keys, "Think of these as the user name and password that represents your Twitter developer app when making API requests." An access token and access token secret are user-specific credentials used to authenticate OAuth API requests.

A Twitter spokesperson sought to downplay the issue and told Threatpost that there is currently no evidence that developer app keys and tokens were compromised.

News URL

https://threatpost.com/twitter-bug-exposed-api-keys-tokens/159591/