Jumat, 25 September 2020

Your app keys and tokens on developer.twitter.com

 
 
Twitter
 
Hello,
 
We are writing to let you know about a bug we discovered and fixed where information about your Twitter developer apps may have been stored in your browser's cache when you visited developer.twitter.com. While we currently have no evidence that your developer app keys and tokens were compromised, we want to make sure you're aware of what happened and what you can do to keep your apps and account secure.
 
What happened
Prior to the fix, if you used a public or shared computer to view your developer app keys and tokens on developer.twitter.com, they may have been temporarily stored in the browser's cache on that computer. If someone who used the same computer after you in that temporary timeframe knew how to access a browser's cache, and knew what to look for, it is possible they could have accessed the keys and tokens that you viewed. Depending on what pages you visited and what information you looked at, this could have included your app's consumer API keys, as well as the user access token and secret for your own Twitter account. If you have not used a shared computer to visit developer.twitter.com with a logged-in Twitter account, this issue would not have impacted you.
 
We changed the caching instructions that developer.twitter.com sends to your browser to stop it from storing information about your apps or account so this won't happen any longer.
 
What you can do
If you used a shared computer to visit developer.twitter.com with a logged-in Twitter account, we recommend that you regenerate your app keys and tokens. If you're unsure of how to do this, follow the steps listed under "Regenerating API Keys" in our documentation.
 
We recognize and appreciate the trust you place in us, and are committed to earning that trust every day. If you have additional questions, you can write to our Office of Data Protection here.
 
Thank you.
 
 
 
 
 
 
 
 
 
————————————————————————————

Tidak ada komentar:

Posting Komentar