Twitter alerts business customers after flagging data breach

The company has apologised for an error that meant third-parties may have had local access to personal data

Twitter has messaged its business clients to inform them that their personal information may have been compromised in a “data security incident”

An issue with the way Twitter cached data on web browsers meant the personal information of customers' with the social media company's advertising or analytics platforms may have been locally accessed by third-parties.

Prior to 20 May, the company revealed, if business customers accessed their billing information, the data on this page would have been improperly stored in the cache of their internet browser

The potentially exposed information included email addresses, phone numbers, and the last four digits of users’ payment card as well as the billing address. The exposed information did not include complete card numbers, expiration dates or security codes.

Most internet browsers normally storing data in their cache for a short period like 30 days, although this is more than enough time for somebody to have inadvertently accessed the details customers viewed on Twitter. This is particularly true for shared or public devices.

“On May 20, 2020, we updated the instructions that Twitter sends to your browser’s cache to stop this from happening,” the company wrote in a message to customers. 

“While we have no evidence that your billing information was compromised, we want to make sure you aware of the issue and how to protect yourself going forward. If you currently use a shared computer to access your Twitter Ads or Analytics billing information, we recommend clearing the browser cache when you log out.”

The company has apologised for the incident, stressing it recognises the trust customers place in the platform.  

Twitter has previously been at the heart of several major security incidents, including most recently in August 2019 when the company found an issue in its privacy settings that may have led to user data being inadvertently shared with third-parties. 

Users who clicked or viewed an ad on the app from May 2018 may have accidentally shared data with its third-party measurement and advertising partners, even if permission hadn’t been granted.

In May 2018, meanwhile, Twitter told 330 million users to change their passwords after some were exposed in plain text over its internal network. This was due to a but which caused the passwords to be stored on a computer log before a hashing process was completed.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
IT services giant Sopra Steria falls victim to Ryuk ransomware
Security

IT services giant Sopra Steria falls victim to Ryuk ransomware

23 Oct 2020
How to wipe a laptop easily and securely
Security

How to wipe a laptop easily and securely

5 Oct 2020