According to The BBC, some clients’ billing information for Twitter advertisers was inadvertently stored in their browser’s cache, which could have allowed other users on the computer to see this data. Twitter discovered the data leak on May 20, 2020, following which the company reached out to its business users to notify about the incident. The micro-blogging website emailed all its business customers including advertisers “to warn that their information may have been compromised in a security lapse”. The compromised data includes the email addresses of business users, phone numbers, and the last four digits of clients’ credit card numbers associated with the account. “We are writing to let you know of a data security incident that may have involved your personal information on ads.twitter and analytics.twitter,” wrote in the email sent to its business clients. “We became aware of an incident where if you viewed your billing information on ads.twitter.com or analytics.twitter.com the billing information may have been stored in the browser’s cache. Examples of that information include, email address, phone number, last four digits of your credit card number (not complete numbers, expiration dates or security codes), and billing address…..On May 20, 2020, we updated the instructions that Twitter sends to your browser’s cache to stop this from happening.” While Twitter said there was no evidence that billing information was compromised, it has suggested its users to clear out their web browser caches as a safety precaution. “We’re very sorry this happened. We recognise and appreciate the trust you place in us, and are committed to earning that trust every day,” the email concluded. This is not the first time Twitter has suffered a data breach. In 2018, the company had urged all its users to change their passwords after a bug exposed them in plain text on its internal network.
