The OAuth keys and secrets that official Twitter applications use to access users Twitter accounts have been leaked in a post to Github this morning
From ThreadPost:
Twitter OAuth API Keys Leaked
The consumer keys and secrets, which function similarly to a username and password, were posted for Twitter for iPhone, Android, iPad, Mac, Windows Phone and TweetDeck. Unapproved third-party applications can now use these secrets to impersonate legitimate third-party apps and circumvent any access control measures Twitter has in place for unofficial apps.
“In OAuth, the consumer keys identify your application (eg. if you had a third-party Twitter client like HootSuite). Therefore, the impact is that someone can take your app's consumer key and use the OAuth API pretending to be your application (eg. I can make API calls pretending to be the HootSuite application),” said Jon Oberheide, CTO and cofounder of Duo Security, a hosted two-factor authentication service for mobile devices. Oberheide downplayed the security implications of the lead, adding that there could be indirect risks that are specific to a particular application or service.
Twitter OAuth API Keys Leaked