Twitter has emailed all developers to warn of a bug that might have exposed their private app keys and account tokens, reports TechCrunch. In the email, obtained by TechCrunch, the social media giant said that the private keys and tokens may have been improperly stored in the browser’s cache by mistake.
Twitter wrote in the email that, before the bug was fixed, if developers used a public or shared computer to view their developer app keys and tokens on developer.twitter.com, those keys and tokens might have been temporarily stored in the browser’s cache on that computer.
“If someone who used the same computer after you in that temporary timeframe knew how to access a browser’s cache, and knew what to look for, it is possible they could have accessed the keys and tokens that you viewed,” Twitter added.
These private keys and tokens are considered secret, just like passwords, because they can be used to interact with Twitter on behalf of the developer. Access tokens are also highly sensitive because if stolen they can give an attacker access to a user’s account without needing their password.
Twitter said that it has not yet seen any evidence that these keys were compromised, but alerted developers out of an abundance of caution. The email said users who may have used a shared computer should regenerate their app keys and tokens.
It is not immediately known how many developers were affected by the bug or exactly when the bug was fixed. A Twitter spokesperson would not provide a figure.
In June, Twitter said that business customers, such as those who advertise on the site, may also have had their private information improperly stored in the browser’s cache.