UPDATED 22:10 EDT / JUNE 23 2020

SECURITY

Twitter apologizes after exposing business customer information

Twitter Inc. apologized today after it discovered that billing information from business customers had been potentially exposed because of the way the site caches data.

Described as a “data security incident” by Twitter, the exposure affects customers of Twitter Ads and Analytics Manager. Information inputted by those customers, including email addresses, phone numbers, billing addresses and the last four digits of credit cards, was found to be stored in a user’s browser cache.

Twitter stores data in a web browser for 30 days, meaning that anyone who may have accessed a computer used by those affected could have obtained the billing data. Furthermore, any malware on a computer could have gained access to the data as well.

According to Bleeping Computer, the caching issue was fixed May 20, but Twitter took more than a month to inform affected users that their data may have been exposed. As a precaution, Twitter has advised business users to clear their web browser caches.
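To show how a page with billing details ends up readable from a browser cache for 30 days, here is an added example (not Twitter's or SiliconANGLE's code) that audits response headers for cacheability. It assumes the exposure went through the ordinary HTTP cache governed by `Cache-Control` and `Expires`, which the article does not state; the function names and sample responses are constructed.

```python
from email.utils import parsedate_to_datetime

THIRTY_DAYS = 30 * 24 * 3600  # retention period reported in the article

def parse_cache_control(value):
    """Split a Cache-Control header into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives

def audit(headers):
    """Return (verdict, freshness_seconds) for a response holding sensitive data."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc:                      # the only directive that forbids storage
        return ("not-stored", 0)
    if "no-cache" in cc:                      # still written to disk, revalidated on reuse
        return ("stored-must-revalidate", 0)
    if (cc.get("max-age") or "").isdigit():   # max-age takes precedence over Expires
        return ("stored-on-disk", int(cc["max-age"]))
    if "expires" in h and "date" in h:
        try:
            delta = parsedate_to_datetime(h["expires"]) - parsedate_to_datetime(h["date"])
            return ("stored-on-disk", max(0, int(delta.total_seconds())))
        except (TypeError, ValueError):       # unparsable Expires means already expired
            return ("stored-must-revalidate", 0)
    return ("stored-heuristic", None)         # browser may store it and pick a lifetime

def leaves_copy_on_disk(headers):
    """True when a later user of the same browser profile could find the response."""
    return audit(headers)[0] != "not-stored"

# Constructed sample responses for a hypothetical billing page.
SAMPLES = {
    "cacheable for 30 days": {"Cache-Control": "private, max-age=2592000"},
    "hardened": {"Cache-Control": "no-store"},
    "no caching headers": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        verdict, seconds = audit(headers)
        flag = "EXPOSED" if leaves_copy_on_disk(headers) else "ok"
        print(f"{label:24} {verdict:24} {seconds!s:>8} {flag}")
```

Only `no-store` keeps the response out of the on-disk cache; `private` and `no-cache` still leave a copy for the next user of the machine.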

“While this issue does not pose a risk for those of us using our own personal computers, it is a teachable moment regarding the risk of shared computers,” Craig Young, computer security researcher for cybersecurity firm Tripwire Inc.’s vulnerability and exposure research team, told SiliconANGLE. “Whether you regularly rely on libraries or Internet cafes for access or just need to print the occasional boarding pass from a hotel lobby, there can be a risk of exposing personal data.”

The best solution, he said, is simply to avoid using shared computers when entering or accessing personal data, but this is not always an option. “The next best solution is to bring your own web browser and take it with you when you go,” he said. “Several popular web browsers have Windows builds designed to be run entirely off a USB flash drive so that sensitive data gets cached to the removable media rather than being left behind for others to find. Another option is to forcibly delete the cache for whatever browser is in use.”

This is not the first time Twitter has suffered a data breach of its own making. In 2018, Twitter users were encouraged to change their passwords after the company discovered a hashing bug that potentially exposed their passwords. In December, researchers were able to match 17 million phone numbers belonging to Twitter accounts because of a flaw in the Twitter Android app.
