A feature of the Twitter API (application programming interface) can be abused by attackers to mount credible social engineering attacks that give them a high chance of hijacking user accounts. The issue lies in how Twitter uses the OAuth standard to authorize third-party applications, including desktop and mobile Twitter clients, to interact with user accounts through its API. A successful attack yields the OAuth access token that Twitter issues when a user authorizes an app, and an attacker holding such a token could post new tweets on behalf of the compromised user, read their private messages, modify the location displayed in their tweets, and more.
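As an added example (not code from the article, from the researcher it reports on, or from Twitter), the Python below shows the mechanics behind that last point. Under OAuth 1.0a, which the Twitter API used for third-party clients, the credential an app holds after authorization is an access token plus its secret; anyone in possession of that pair can sign API requests that the server cannot distinguish from the legitimate app's, because the server only verifies the signature against the secrets it has on file. The consumer and token credentials, the nonce and the tweet text are constructed placeholders; the endpoint URL is the v1.1 `statuses/update` endpoint, but no network request is made. The signing and verification follow RFC 5849.

```python
"""OAuth 1.0a (RFC 5849) request signing and server-side verification,
showing that an access token and its secret are all that is needed to act
as the user. Example code; credentials below are constructed, not real."""
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, quote, unquote, urlparse

# Constructed credentials for illustration only; they are not valid Twitter keys.
CONSUMER_KEY = "example-consumer-key"
CONSUMER_SECRET = "example-consumer-secret"
ACCESS_TOKEN = "12345-example-access-token"
ACCESS_TOKEN_SECRET = "example-access-token-secret"

UPDATE_URL = "https://api.twitter.com/1.1/statuses/update.json"


def pct(value: str) -> str:
    """RFC 3986 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay unencoded."""
    return quote(str(value), safe="")


def signature_base_string(method: str, url: str, params: dict) -> str:
    """Build the signature base string (RFC 5849 section 3.4.1)."""
    parsed = urlparse(url)
    base_url = f"{parsed.scheme}://{parsed.netloc}{parsed.path}"
    # Query-string, body and oauth_* parameters are normalised together.
    all_params = dict(parse_qsl(parsed.query, keep_blank_values=True))
    all_params.update(params)
    encoded = sorted((pct(k), pct(v)) for k, v in all_params.items())
    param_string = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_url), pct(param_string)])


def sign(base_string: str, consumer_secret: str, token_secret: str) -> str:
    """HMAC-SHA1 over the base string, keyed by consumer secret & token secret."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def build_authorization_header(method, url, body_params, consumer_key,
                               consumer_secret, token, token_secret,
                               nonce=None, timestamp=None) -> str:
    """Produce the Authorization header a client (or a token thief) would send."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_token": token,
        "oauth_version": "1.0",
    }
    base = signature_base_string(method, url, {**oauth, **body_params})
    oauth["oauth_signature"] = sign(base, consumer_secret, token_secret)
    return "OAuth " + ", ".join(
        f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))


def parse_authorization_header(header: str) -> dict:
    """Split an 'OAuth k="v", k2="v2"' header back into decoded fields."""
    if not header.startswith("OAuth "):
        raise ValueError("not an OAuth 1.0a header")
    fields = {}
    for part in header[len("OAuth "):].split(", "):
        key, value = part.split("=", 1)
        fields[unquote(key)] = unquote(value.strip('"'))
    return fields


def verify_request(method, url, body_params, header,
                   consumer_secret, token_secret) -> bool:
    """Server-side check: recompute the signature from the secrets on file."""
    fields = parse_authorization_header(header)
    provided = fields.pop("oauth_signature", "")
    expected = sign(signature_base_string(method, url, {**fields, **body_params}),
                    consumer_secret, token_secret)
    # The server only learns that *someone* holds the token pair; it cannot tell
    # the legitimate client from an attacker who obtained it by social engineering.
    return hmac.compare_digest(expected, provided)


if __name__ == "__main__":
    body = {"status": "Posted with a stolen access token"}  # constructed tweet text
    header = build_authorization_header("POST", UPDATE_URL, body, CONSUMER_KEY,
                                        CONSUMER_SECRET, ACCESS_TOKEN,
                                        ACCESS_TOKEN_SECRET)
    print(header)
    print("accepted:", verify_request("POST", UPDATE_URL, body, header,
                                      CONSUMER_SECRET, ACCESS_TOKEN_SECRET))
```

The consequence for defenders is that revoking the compromised app's authorization (which invalidates the token on the server side) is the only remedy once a token has leaked; changing the account password does not help, because the signature never involves it.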

