Twitter warns developers of possible API key leaks

Spread the love

Twitter has warned developers using the API for potential API key leaks. Due to an incorrect setting on the Twitter developer page, api keys and access tokens have been stored within the browser.

ZDnet reports this on the basis of emails sent to developers. Wrong configuration of developer.twitter.com caused api data to be accidentally stored within the browser used by the developer. In most cases this does not have to lead to a security problem, but if a public PC is used, the data can possibly be stolen.

Twitter has since resolved the caching problem with the API keys and access tokens so that they are no longer stored within the browser. The cause of the incorrect setting on the developer platform has not been disclosed by Twitter.

There is no further evidence that malicious parties have exploited the wrong setting in developer.twitter.com to steal API data. Attackers would then need to have knowledge of the bug as well as access to the browser the developer is using. The social networking site has found no evidence of this, and the warning was therefore mainly sent as a precaution.

You might also like