
Twitter alerts developers that their private keys and account tokens may have been disclosed.

Twitter has emailed developers warning of a bug that could have revealed their private application keys and account tokens.
 
In an email received from TechCrunch, the social media giant said that private keys and tokens may have been mistakenly stored in the browser cache.
 
"Prior to the patch, if you used a public or shared computer to access your developer app keys and tokens on developer.twitter.com, they could have been placed temporarily in the web browser cache on that computer," the email reads. "If someone else who used the same machine after you in that timeframe knew how to access the browser cache, and knew what to search for, they could have accessed the keys and tokens you've seen."
 
The email said that the developer's access token for their own Twitter account could also have been revealed in some cases.
 
These private keys and tokens are considered to be confidential, much like passwords, since they can be used to communicate with Twitter on behalf of the creator. Access tokens are also very sensitive since, if stolen, they can allow the intruder access to the user's account without the need for a password.
 
Twitter said it had not yet found any proof that these keys had been stolen, but warned developers out of an abundance of caution. The email said users who may have used a shared device should regenerate their application keys and tokens.
 
It is not immediately clear how many developers were affected by the bug or when the bug was patched. A Twitter spokesperson would not give a number.
 
In June, Twitter reported that business users, such as those who advertise on the web, could also have had their private information incorrectly stored in the browser cache.

 





