Need help? Check out our FAQs for solutions to a wide range of topics.
What could a hacker do with client_id and client_secret?
Could the attacker benefit from this access?
They would be able to create tokens as if they were you, and the usage would be attributed to you. The secret can be reset in the developer dashboard if you need to.