A bug that could unexpectedly and temporarily store important information and accounts of developers who visited the developer.twitter.com website in the cache of web browsers. Developers who have accessed this service through a shared or public workstation must take action as soon as possible to avoid the risk of exploitation.
Developers using the Twitter API Management Service for their apps and services through developer.twitter.com should be careful. The microblogging site warned this community of the risk of exploit related to an error in storing their identifiers (private keys and account access data) in the cache of the web browsers used to access them. Service. There is currently no evidence that this information has been compromised. However, when in doubt, Twitter prefers to prevent this from happening.
The developer.twitter.com service provides developers with access to the third-party application usage dashboard using Twitter APIs. “If you’ve used a public or shared computer to view the tokens and keys for your development applications on developer.twitter.com, they may have been temporarily stored in your PC’s browser cache,” warned Twitter. “If someone is using the same computer as you in a short amount of time, they will be able to access the keys and tokens that you can see.” In order to avoid the risk of an exploit, the company recommends that developers regenerate the keys and tokens of their applications.
Recurring cache problems
This is not the first time Twitter has taken such precautions. This was the case last May and June when the risk of finding information in the browser’s cache was also exploitable, especially regarding billing, email addresses, phone numbers, or even the last 4 credit card numbers. .