Commentary: Twitter’s secret OAuth app keys leaked


For years we have been recommending that clients never share a password or create group accounts used by multiple people. It is always best to create a separate account for each user of a service, or, as in this case, for each application that uses a service. It turns out that Twitter has given multiple applications the same OAuth credentials, so it is going to be hard to find out who leaked the key, and hard to change the key without updating all the application owners.
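To make the point concrete, here is an added example (not Twitter's code, and not part of the original commentary) of a service that issues one OAuth-style consumer key and secret per registered application and verifies an HMAC signature over each request. It contrasts per-application credentials with a single credential handed to two owners: after a leak, the per-application key identifies exactly one owner and can be rotated without touching anyone else, while the shared key leaves two suspects and breaks every holder when rotated. The owner names and the request string are constructed sample data.

```python
import hashlib
import hmac
import secrets

# Added illustration, not Twitter's code: a service that issues one OAuth-style
# consumer key/secret pair per registered application and checks an HMAC-SHA256
# signature over the request with the secret belonging to the presented key.
# Owner names and the request string below are constructed sample data.


def sign(secret: str, message: str) -> str:
    """Client side: sign a request with the application's consumer secret."""
    return hmac.new(secret.encode(), message.encode(), hashlib.sha256).hexdigest()


class ConsumerRegistry:
    """Server side: maps each consumer key to its secret and the owner(s) it was issued to."""

    def __init__(self) -> None:
        self._apps: dict[str, dict] = {}

    def issue(self, owner: str) -> tuple[str, str]:
        """Issue a fresh key/secret pair to a single application owner."""
        key, secret = secrets.token_hex(8), secrets.token_hex(16)
        self._apps[key] = {"owners": [owner], "secret": secret}
        return key, secret

    def share(self, key: str, other_owner: str) -> None:
        """The anti-pattern from the commentary: one credential handed to a second owner."""
        self._apps[key]["owners"].append(other_owner)

    def owners_of(self, key: str) -> list[str]:
        """Attribution after a leak: with one owner the answer is unambiguous."""
        return list(self._apps[key]["owners"])

    def rotate(self, key: str) -> str:
        """Replace the secret; only holders of this key have to update."""
        new_secret = secrets.token_hex(16)
        self._apps[key]["secret"] = new_secret
        return new_secret

    def verify(self, key: str, message: str, signature: str) -> bool:
        """Accept a request only if it was signed with the current secret for this key."""
        app = self._apps.get(key)
        if app is None:
            return False
        return hmac.compare_digest(sign(app["secret"], message), signature)


def demo() -> dict:
    reg = ConsumerRegistry()
    msg = "POST /1.1/statuses/update.json"  # constructed request string

    # Per-application credentials: alpha and beta each get their own key.
    key_a, secret_a = reg.issue("app-alpha")
    key_b, secret_b = reg.issue("app-beta")

    # Shared credential: one key issued to gamma and then handed to delta as well.
    key_s, secret_s = reg.issue("app-gamma")
    reg.share(key_s, "app-delta")

    # Suppose secret_a and secret_s both leak. Attribution and rotation differ:
    suspects_a = reg.owners_of(key_a)   # exactly one owner to contact
    suspects_s = reg.owners_of(key_s)   # two owners; no way to tell who leaked
    new_secret_a = reg.rotate(key_a)    # beta is unaffected by alpha's rotation
    reg.rotate(key_s)                   # every holder of the shared key now breaks

    return {
        "suspects_per_app": suspects_a,
        "suspects_shared": suspects_s,
        "alpha_old_secret_accepted": reg.verify(key_a, msg, sign(secret_a, msg)),
        "alpha_new_secret_accepted": reg.verify(key_a, msg, sign(new_secret_a, msg)),
        "beta_still_accepted": reg.verify(key_b, msg, sign(secret_b, msg)),
        "shared_old_secret_accepted": reg.verify(key_s, msg, sign(secret_s, msg)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the script prints the six results: the per-application leak points at one owner and its rotation leaves the other application working, whereas the shared key yields two suspects and its rotation invalidates the signatures of everyone who was using it.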

