Twitter alerts business customers after flagging data breach

Twitter has messaged its business clients to inform them that their personal information may have been compromised in a “data security incident”.

An issue with the way Twitter cached data on web browsers meant the personal information of customers' with the social media company's advertising or analytics platforms may have been locally accessed by third-parties.

Prior to 20 May, the company revealed, if business customers accessed their billing information, the data on this page would have been improperly stored in the cache of their internet browser.

Twitter owns up to third-party data breaches An inside job: The human factor of cybersecurity The scariest security horror stories of 2019

The potentially exposed information included email addresses, phone numbers, and the last four digits of users’ payment card as well as the billing address. The exposed information did not include complete card numbers, expiration dates or security codes.

Most internet browsers normally storing data in their cache for a short period like 30 days, although this is more than enough time for somebody to have inadvertently accessed the details customers viewed on Twitter. This is particularly true for shared or public devices.

“On May 20, 2020, we updated the instructions that Twitter sends to your browser’s cache to stop this from happening,” the company wrote in a message to customers.

“While we have no evidence that your billing information was compromised, we want to make sure you aware of the issue and how to protect yourself going forward. If you currently use a shared computer to access your Twitter Ads or Analytics billing information, we recommend clearing the browser cache when you log out.”

The company has apologised for the incident, stressing it recognises the trust customers place in the platform.

Twitter has previously been at the heart of several major security incidents, including most recently in August 2019 when the company found an issue in its privacy settings that may have led to user data being inadvertently shared with third-parties.

Users who clicked or viewed an ad on the app from May 2018 may have accidentally shared data with its third-party measurement and advertising partners, even if permission hadn’t been granted.

In May 2018, meanwhile, Twitter told 330 million users to change their passwords after some were exposed in plain text over its internal network. This was due to a but which caused the passwords to be stored on a computer log before a hashing process was completed.

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.