Twitter alerts business customers after flagging data breach

The company has apologised for an error that meant third-parties may have had local access to personal data

Twitter has messaged its business clients to inform them that their personal information may have been compromised in a “data security incident”

An issue with the way Twitter cached data on web browsers meant the personal information of customers' with the social media company's advertising or analytics platforms may have been locally accessed by third-parties.

Prior to 20 May, the company revealed, if business customers accessed their billing information, the data on this page would have been improperly stored in the cache of their internet browser

The potentially exposed information included email addresses, phone numbers, and the last four digits of users’ payment card as well as the billing address. The exposed information did not include complete card numbers, expiration dates or security codes.

Most internet browsers normally storing data in their cache for a short period like 30 days, although this is more than enough time for somebody to have inadvertently accessed the details customers viewed on Twitter. This is particularly true for shared or public devices.

“On May 20, 2020, we updated the instructions that Twitter sends to your browser’s cache to stop this from happening,” the company wrote in a message to customers. 

“While we have no evidence that your billing information was compromised, we want to make sure you aware of the issue and how to protect yourself going forward. If you currently use a shared computer to access your Twitter Ads or Analytics billing information, we recommend clearing the browser cache when you log out.”

The company has apologised for the incident, stressing it recognises the trust customers place in the platform.  

Twitter has previously been at the heart of several major security incidents, including most recently in August 2019 when the company found an issue in its privacy settings that may have led to user data being inadvertently shared with third-parties. 

Users who clicked or viewed an ad on the app from May 2018 may have accidentally shared data with its third-party measurement and advertising partners, even if permission hadn’t been granted.

In May 2018, meanwhile, Twitter told 330 million users to change their passwords after some were exposed in plain text over its internal network. This was due to a but which caused the passwords to be stored on a computer log before a hashing process was completed.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Most Popular

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021