Twitter Is “Very Sorry” That Your Sensitive Data Has Been Exposed (Again)

  • Twitter is informing business owners that others may have accessed their sensitive user details.
  • The problem lies in browser cache data retention again, and the platform says it’s been fixed now.
  • The exposed users are now mostly running the risk of getting phished, or SIM swapped.

Twitter has discovered that the billing information of some users who had registered for “Twitter Ads” and “Twitter Analytics” has been exposed, but the chances of the information having been compromised are low. The social media company figured that some of the user data were kept in the browser’s cache, so someone could have potentially accessed it. The information includes email addresses, phone numbers, and the last four digits of the user’s credit card numbers. While not entirely catastrophic, these are all sensitive details that should have been adequately protected by the platform.

The message that Twitter sent out to the possibly affected individuals and businesses was the following:

“We are writing to let you know of a data security incident that may have involved your personal information on ads.twiter and analytics.twitter. We became aware of an issue that meant that prior to May 20, 2020, if you viewed your billing information on ads.twitter or analytics.twitter the billing information may have been stored in the browser's cache. Examples of that information include email address, phone number, last four digits of cour credit card number.”

The platform hasn’t determined the exact number of accounts that have been exposed in this incident, as a detailed write-up on the Twitter Privacy blog hasn’t been published yet (and may never appear). The problem is now fixed, but this is the same assurance that was given the last time that something like that happened. Back in April 2020, Twitter had a similar cache data retention problem with Mozilla Firefox users, which was apparently under active exploitation at the time of its discovery. Twitter is a big platform, and malicious actors are looking deeply to find these flaws, scanning everything 24/7. Thus, it would be safe to assume that if your data could be scraped, it got scraped.

If you are managing a valuable Twitter account, the disclosure of your phone number could be catastrophic. SIM swap actors would now know what number they need to port on their cards, so change your two-factor authentication method immediately. Phishing attempts that arrive via SMS would also be likely. They could even leverage this very security incident as an excuse to convince you to follow fake “secure your account” webpages, so be watchful and monitor your account activity frequently. As for the last four digits of your credit card, these would be mostly worthless for direct exploitation but could be used to give credibility to phishing messages instead.

How to Watch European Athletics Championships 2022 Online From Anywhere
The Athletics action is about to get underway at the 2022 European Championships, and we cannot wait to watch our favorite track...
How to Watch Legacy: The True Story of the LA Lakers Online From Anywhere
A new documentary series featuring LeBron James, Shaquille O'Neal, Magic Johnson, and more will soon premiere, and we're excited to watch it...
How to Watch Sky High Club: Scotland and Beyond Online From Anywhere
The show that tells the stories of the young crew members of the UK's largest regional airline will premiere soon, and we...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari