Twitter warned developers that a bug could have exposed their API keys and access tokens in their browser’s cache.
The social media platform told developers it doesn’t believe the apps and tokens have been compromised and that the problem had been fixed. “Prior to the fix, if you used a public or shared computer to view your developer app keys and tokens on developer.twitter[.]com, they may have been temporarily stored in the browser’s cache on that computer,” Twitter wrote. Someone using the same computer right after the developer who “knew how to access a browser’s cache” and “what to look for,” conceivably “could have accessed the keys and tokens” the developer viewed.