Twitter warned developers that a bug could have exposed their API keys and access tokens in their browser’s cache.
The social media platform told developers that it doesn’t believe the apps and tokens have been compromised and that the problem has been fixed. “Prior to the fix, if you used a public or shared computer to view your developer app keys and tokens on developer.twitter[.]com, they may have been temporarily stored in the browser’s cache on that computer,” Twitter wrote. Someone who used the same computer right after the developer, and who “knew how to access a browser’s cache” and “what to look for,” conceivably “could have accessed the keys and tokens” the developer viewed.
“As hundreds of billions of dollars in online business rely on APIs to smoothly function, this growing ubiquity makes APIs a juicy target for malicious hackers trying to exploit weaknesses in these connection points,” said Ameet Naik, security evangelist at PerimeterX. “Leaked keys and security tokens make their way to the dark web and are used in automated attacks against API endpoints.”