In what is described as a “data security incident,” sensitive details of Twitter’s customers were exposed. Unlike breaches instigated by a threat actor, this one resulted from Twitter’s own protocols. Twitter stores information in the web browser for up to 30 days, which means that anyone who gets access to a client’s computer can view the billing details. Malware on the computer can also gain access to them.
The messaging platform apologised for this leak after realizing that it resulted from the way it stores its cache data. The details found in the cache were phone numbers, email addresses, billing addresses and the last four digits of credit cards.
Those affected by the leak include Twitter ads customers, as well as those of Analytics Manager.
Bleeping Computer, a cybersecurity firm, said that despite resolving the caching issue on May 20, Twitter took a whole month to inform clients about the exposure.
The recent exposure follows a series of incidents of Twitter’s own making. Back in 2018, Twitter realised that users’ passwords were vulnerable when it detected a hashing bug that exposed the passwords. After the discovery, users were asked to change their passwords. It didn’t stop there: another case surfaced in December. Due to a weakness in the messaging platform, researchers successfully matched 17 million phone numbers belonging to Twitter accounts.
Craig Young, a computer security researcher with cybersecurity firm Tripwire Inc.’s vulnerability and exposure research team, told SiliconANGLE:
“While this issue does not pose a risk for those of us using our personal computers, it is a teachable moment regarding the risk of shared computers. Whether you regularly rely on libraries or Internet cafes for access or need to print the occasional boarding pass from a hotel lobby, there can be a risk of exposing personal data. The next best solution is to bring your web browser and take it with you when you go. Several popular web browsers have Windows builds designed to be run entirely off a USB flash drive so that sensitive data gets cached to the removable media rather than being left behind for others to find. Another option is to delete the cache for whatever browser is in use forcibly.”
Twitter has advised clients to continually clear their cache to avoid a repetition.