Twitter emailed the developer a warning that the bug might have revealed private app keys and account codes.
The social media giant said in an email: The private key and token may be incorrectly stored in the browser's cache.
The email states: If you are using a public or shared computer to view the developer app key and token at (developer.twitter.com). This is a portal for developers who manage Twitter apps and additional API keys, hence it may have been cached. Browser was on this computer before the fix.
She added: "If someone knows how to access the browser cache, what to look for, and after that time they use the same computer, it is very likely that they will be able to access the keys and tokens displayed."
In some cases, the access codes that developers use on their Twitter accounts may also have been released.
These private keys and codes, like passwords, are confidential. Because it can interact with Twitter on behalf of the developers.
Twitter is warning developers that their account could be compromised |
The access code is very sensitive, too. Because if it is stolen, the attacker can access the user's account without the user's password.
The platform said: It did not see any evidence of hacking these keys, but it warned developers. Because he wants to make sure the developers know what's going on and the steps they can take to keep their apps and accounts safe.
Read e-mail: Users who can use the shared computer will need to recreate their application keys and tokens.
It is not known how many developers were affected by this error or when exactly the bug was fixed. A Twitter spokesperson did not provide any numbers.
The platform announced in June that business customers (for example those who advertise on the website) may incorrectly store their private information in the browser cache.
With hundreds of billions of dollars in online businesses that rely on APIs to function properly, this ubiquitous presence makes APIs an exciting target for hackers trying to exploit vulnerabilities.
Twitter said: It has changed the caching instructions that the website sends to the developer's browser to prevent information about your app or account being saved so that it doesn't happen again.