We didn’t have a new developer account at the time. We applied for one at the same time we visited apps.twitter.com to fix our callback URL.
There is only one person with direct access to that Twitter account, and we confirmed that they hadn’t visited apps.twitter.com around the time it was changed to an invalid URL. Anyone else who requires access typically has to go through the person who maintains it.
There is little to no chance that this was performed by a human. I’m the only person who would ever deal with the apps page, and my interactions with it are audited by another person.
If we’re unable to determine the cause of this modification within the next day or two, our internal policies will require us to treat it as a security breach and launch a formal investigation.
