Due to a bug, Twitter API keys may have been exposed, according to a warning from company officials.
The good news is that the apps, tokens, and the main social media platform do not appear to have been compromised.
Furthermore, the social media giant moved swiftly to address these cyber security issues, which are now fixed.
Before the fix was applied, using a shared or publicly accessible computer to view your app keys by visiting developer.twitter.com meant that during the session, the computer would store access keys and tokens.
Although temporary in nature, these access keys and tokens could have been scraped by a tech-savvy individual who knew what they were looking for.
Ameet Naik, security expert at PerimeterX, explained how these APIs work.
Allegedly, there is an online industry worth hundreds of billions of dollars that relies on these APIs for access and functionality purposes.
As such, it is not hard to see why obtaining these API credentials would be of interest to a hacker who could go on to exploit them.
Oftentimes, leaked API keys and security tokens are posted on the dark web.
Once in the wild, hackers might include them as part of their hacking campaigns that involve automated attacks against API endpoints.
PerimeterX conducted relevant research that shows a frightening 75% of login requests from API endpoints have malicious intent.
What is more worrying, as Naik reveals, is that API attacks are not only easier to execute from a technical standpoint, they are also harder to detect compared to browser botnet attacks.
He proceeded to advise the developers to take the steps necessary to protect their API keys — key vaults are a good place to start.
In an effort to prevent other similar bugs in the future, Twitter has decided to change how caching works on developers’ browsers so it will not store any account information.
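
The caching behaviour described above can be checked from the response headers a site sends. The following is an added example, not part of the original article and not Twitter's code: it audits responses that carry credentials and reports which ones a browser is still permitted to keep in its cache. The paths and header values are constructed for illustration.

```javascript
// Added example: which Cache-Control values still let a browser keep a
// response containing API keys. Paths and headers are constructed samples.

// Collect the lower-cased directive names from a Cache-Control header value.
function cacheDirectives(value) {
  const names = new Set();
  for (const part of (value || "").split(",")) {
    const name = part.trim().split("=")[0].toLowerCase();
    if (name) names.add(name);
  }
  return names;
}

// Only "no-store" forbids a cache from keeping the response (RFC 9111).
// "no-cache", "private" and "max-age=0" control reuse and sharing, but all
// still allow storage in the browser's own cache, which is the cache that
// matters on a shared or public computer.
function browserMayStore(headers) {
  const key = Object.keys(headers).find((h) => h.toLowerCase() === "cache-control");
  return !cacheDirectives(key ? headers[key] : "").has("no-store");
}

// Return the paths of sensitive responses a browser is allowed to store.
function auditSensitiveResponses(responses) {
  return responses
    .filter((r) => r.sensitive && browserMayStore(r.headers))
    .map((r) => r.path);
}

// Constructed sample responses (hypothetical paths and header values).
const SAMPLE_RESPONSES = [
  { path: "/app/1/keys", sensitive: true, headers: { "Cache-Control": "private, max-age=0" } },
  { path: "/app/2/keys", sensitive: true, headers: { "cache-control": "no-cache" } },
  { path: "/app/3/keys", sensitive: true, headers: { "Cache-Control": "no-store" } },
  { path: "/app/4/keys", sensitive: true, headers: {} },
  { path: "/static/logo.png", sensitive: false, headers: { "Cache-Control": "public, max-age=86400" } },
];

console.log(auditSensitiveResponses(SAMPLE_RESPONSES));
```

Of the sample key pages, only the one sent with `no-store` is excluded from the report; the others remain storable even though their headers look restrictive.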