Twitter says business users’ data leaked in security fiasco

Twitter has admitted to a data security incident that resulted in business users’ billing information getting stored in the browser’s cache and possibly being accessed by those using shared computers.

The social media giant revealed that the data security incident affected only business users who paid for advertisements on the platform. If a business user checked their billing information on or, the information was erroneously stored in the browser’s cache.

“We became aware of an incident where if you viewed your billing information on or the billing information may have been stored in the browser’s cache,” the company told TechCrunch.

“As soon as we discovered this was happening, we resolved the issue and communicated to potentially impacted clients to make sure they were aware and informed on how to protect themselves moving forward.”

The data leak was discovered by Twitter on 20th May, following which the company reached out to business users to advise them about the incident. Information leaked due to the fiasco included business users’ email addresses, phone numbers, and the last four digits of their credit card numbers.

Commenting on the data security incident, Paul Bischoff, Privacy Advocate at, said that the incident was relatively minor in both scope and severity. “It only affects Twitter users who use the ads and analytics services, which is a small fraction of all Twitter users. Furthermore, an attacker needs access to the user’s browser in order to steal information, and they can only steal it from one user at a time.”

“Compared to a data breach in which hackers obtain information on thousands or millions of users in one go, the incentive for hackers to steal it is small. The information they can access isn’t particularly valuable given there’s no complete payment data or especially sensitive personal information stored in the cache,” he added.

David Kennefick, product architect at Edgescan, also said that the data security incident shouldn’t worry users much as access to the leaked information requires physical access to the device, so it may not be as exploitable as an alert like this might indicate.

“What Twitter have done is update their headers to include no-store and no-cache, which disables storing data from a website locally. Overall, not really an incident worth worrying about,” he added.
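The header change described above can be checked mechanically. The following is an added example, not code from Twitter or from the original article: a Python audit of the response headers on a page that shows sensitive data such as billing details. The function names and the sample header values are constructed for illustration.

```python
# Added example: audit Cache-Control on a response that carries sensitive data.
# All header values below are constructed samples, not captured traffic.

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}.

    Simplification: splits on commas, so quoted arguments that themselves
    contain commas are not handled.
    """
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit_sensitive_response(headers):
    """Return findings for a response that must not persist in a browser cache."""
    h = {k.lower(): v for k, v in headers.items()}
    if "cache-control" not in h:
        return ["no Cache-Control header: the browser may store the page "
                "and reuse it heuristically"]
    cc = parse_cache_control(h["cache-control"])
    findings = []
    if "no-store" not in cc:
        findings.append("no-store missing: the response may be written "
                        "to the browser cache")
        if "no-cache" in cc:
            findings.append("no-cache alone only forces revalidation; "
                            "a copy can still be stored")
    if "public" in cc:
        findings.append("public allows shared caches to keep the response")
    return findings


# Constructed samples: an unprotected page, two partial settings, and the
# combination named in the article.
SAMPLES = {
    "no cache headers": {"Content-Type": "text/html"},
    "revalidate only": {"Cache-Control": "no-cache"},
    "private with lifetime": {"Cache-Control": "private, max-age=600"},
    "no-store, no-cache": {"Cache-Control": "no-store, no-cache"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, "->", audit_sensitive_response(hdrs) or "OK")
```

Of the two directives, `no-store` is the one that keeps the page off disk on a shared computer; `no-cache` only requires the browser to revalidate a stored copy before reusing it.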

This isn’t the first time that an internal error by Twitter has resulted in the leakage of user data. In September 2018, Twitter said that a bug in its API was sending direct messages to the wrong users. This meant that if a user used Twitter’s Account Activity API (AAAPI) to communicate with customers, their DMs were exposed to the wrong users during the sixteen-month period when AAAPI was active.

Copyright Lyonsdown Limited 2021
