In an email to businesses that advertise on its social media platform, Twitter said that the email addresses, phone numbers, and last four digits of the credit cards associated with companies’ Twitter accounts had been stored in the browser’s cache. Once it was stored in the cache, the information became accessible to anyone using the same computer. The company wouldn’t tell TechCrunch how many accounts the security lapse affected and it isn’t known if any of those accounts were adversely impacted by the problem.
“We became aware of an incident where if you viewed your billing information on ads.twitter.com or analytics.twitter.com the billing information may have been stored in the browser’s cache,” a company spokesperson told TechCrunch. “As soon as we discovered this was happening, we resolved the issue and communicated to potentially impacted clients to make sure they were aware and informed on how to protect themselves moving forward.”
According to TechCrunch, the company discovered the security lapse on May 20, just a month after it found a similar problem that caused user data, including direct messages, to be stored in the Mozilla Firefox browser cache.
“This means that if you accessed Twitter from a shared or public computer via Mozilla Firefox and took actions like downloading your Twitter data archive or sending or receiving media via Direct Message, this information may have been stored in the browser’s cache even after you logged out of Twitter,” the company said in an April 3 announcement.
Although there’s no indication that many businesses were adversely affected by the latest security lapse, the ways in which Twitter and other social media platforms store and use data raise questions about how safely they are handling sensitive user data.
TechCrunch notes that in 2019, Twitter mishandled and potentially exposed data multiple times, including fixing a bug that made phone numbers associated with million of user accounts discoverable; sharing location data with an unnamed partner even when users had opted out of data sharing; sharing more data with its advertising partners than users agreed to; and misusing phone numbers and emails provided by users for two-step authentication for targeted advertising purposes.
Beasley Allen lawyers Tyner Helms and Leslie Pescia handle cases involving fraud for Beasley Allen, including issues involving cybersecurity affecting consumers, the public and employees. If you feel you have a claim of economic loss related to a data breach or other cybersecurity issues, we would like to talk with you.