Twitter bug exposes account tokens and private keys
In a recent development, Twitter may have accidentally exposed the account tokens and private keys of developers. In an email informing all of the developers of the bug that existed, twitter said that the private keys and account tokens may have been temporarily stored in the browser’s cache.
Before the bug was fixed, it was possible that if a developer had used a shared computer, a person knowing what to look for in the cache of that computer’s browser could access the developer’s private key and account token. Therefore Twitter has urged any developers who have used shared computers to regenerate their keys immediately.
For those who don’t know what private keys and account tokens are, they are basically part of a process used to authenticate a user or a developer’s app using his account so if anyone gets access to your private key and account token, he could have full access to your account.
Twitter did however state that they have not yet seen any evidence of any keys being compromised but the notification was sent as a caution and for the security of its users. Twitter still refused to comment on how many developers may have been affected by the bug and the timeframe when the bug was active.