Twitter says business users’ data leaked in security fiasco

Twitter has admitted to a data security incident that resulted in business users’ billing information getting stored in the browser's cache and possibly being accessed by those using shared computers.

The social media giant revealed that the data security incident affected only business users who paid for advertisements on the platform. If a business user checked their billing information on or, the information was erroneously stored in the browser's cache.

“We became aware of an incident where if you viewed your billing information on or the billing information may have been stored in the browser’s cache,” the company told TechCrunch.

“As soon as we discovered this was happening, we resolved the issue and communicated to potentially impacted clients to make sure they were aware and informed on how to protect themselves moving forward.”

The data leak was discovered by Twitter on 20th May, following which the company reached out to business users to advise them about the incident. Information leaked due to the fiasco included business users' email addresses, phone numbers, and the last four digits of their credit card numbers.

Commenting on the data security incident, Paul Bischoff, Privacy Advocate at, said that the incident was relatively minor in both scope and severity. "It only affects Twitter users who use the ads and analytics services, which is a small fraction of all Twitter users. Furthermore, an attacker needs access to the user's browser in order to steal information, and they can only steal it from one user at a time."

"Compared to a data breach in which hackers obtain information on thousands or millions of users in one go, the incentive for hackers to steal it is small. The information they can access isn't particularly valuable given there's no complete payment data or especially sensitive personal information stored in the cache," he added.

David Kennefick, product architect at Edgescan, also said that the data security incident shouldn't worry users much as access to the leaked information requires physical access to the device, so it may not be as exploitable as an alert like this might indicate.

"What Twitter have done is update their headers to include no-store and no-cache, which disables storing data from a website locally. Overall, not really an incident worth worrying about," he added.
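The two directives mentioned above do different jobs, which matters on a shared computer. The following check is an added example, not code from Twitter or from the original article: it classifies what a browser may do with a response based on its `Cache-Control` header, following RFC 9111. The function names and the sample header sets are constructed for illustration.

```javascript
// Added example. Assumes a 200 response to a GET for a page showing billing data.
// Directive semantics follow RFC 9111 (HTTP Caching).

// Parse a Cache-Control value into a Map of lowercase directive -> argument.
function parseCacheControl(value) {
  const directives = new Map();
  for (const part of String(value || "").split(",")) {
    const [name, ...arg] = part.trim().split("=");
    if (name) directives.set(name.trim().toLowerCase(), arg.join("=").trim());
  }
  return directives;
}

// Classify what a browser (a private cache) is allowed to do with the response.
function browserCacheVerdict(headers) {
  const lower = {};
  for (const [k, v] of Object.entries(headers)) lower[k.toLowerCase()] = v;
  const cc = parseCacheControl(lower["cache-control"]);
  if (cc.has("no-store")) return "not-stored";
  // no-cache permits storage; it only forces revalidation before reuse,
  // so a copy of the page can still sit in the cache on a shared machine.
  if (cc.has("no-cache")) return "stored-must-revalidate";
  // "private" only excludes shared caches (proxies, CDNs), not the browser.
  return "stored-and-reusable";
}

// Constructed sample header sets (not captured from any real service).
const SAMPLES = {
  noHeader: {},
  privateOnly: { "Cache-Control": "private, max-age=300" },
  noCacheOnly: { "cache-control": "No-Cache" },
  hardened: { "Cache-Control": "no-cache, no-store, must-revalidate" },
};

function auditSamples() {
  const out = {};
  for (const [name, headers] of Object.entries(SAMPLES)) {
    out[name] = browserCacheVerdict(headers);
  }
  return out;
}

console.log(auditSamples());
```

Only the header set containing `no-store` keeps the page out of the local cache; `private` and `no-cache` on their own still leave a copy behind for the next person using the same browser profile.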

This isn't the first time that an internal error by Twitter has resulted in the leakage of user data. In September 2018, Twitter said that a bug in its API was sending direct messages to the wrong users. This meant that if a user used Twitter’s Account Activity API (AAAPI) to communicate with customers, their DMs were exposed to the wrong users during the sixteen-month period when AAAPI was active.

Copyright Lyonsdown Limited 2020
