it's not copying the cookie, but there are absolutely third party UIs via a user... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		onefuncman on July 31, 2020 \| parent \| context \| favorite \| on: An update on our security incident it's not copying the cookie, but there are absolutely third party UIs via a user's API key, it's not a huge leap of faith to assume Twitter has similar internally.

Thorrez on July 31, 2020 [–]

A tool that allows an employee to access a user's API key? That sounds like a bad idea, especially if that tool is accessible to support personnel.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact