

Twitter Inc. apologized today after it discovered that billing information from business customers had been potentially exposed because of the way the site caches data.
Described as a “data security incident” by Twitter, the exposure affects customers of Twitter Ads and Analytics Manager. Information inputted by those customers, including email addresses, phone numbers, billing addresses and the last four digits of credit cards, was found to be stored in a user’s browser cache.
Twitter stores data in a web browser for 30 days, meaning that anyone who may have accessed a computer used by those affected could have obtained the billing data. Furthermore, any malware on a computer could have gained access to the data as well.
According to Bleeping Computer, the caching issue was fixed May 20, but Twitter took more than a month to inform affected users that their data may have been exposed. As a precaution, Twitter has advised business users to clear their web browser caches.
“While this issue does not pose a risk for those of us using our own personal computers, it is a teachable moment regarding the risk of shared computers,” Craig Young, computer security researcher for cybersecurity firm Tripwire Inc.’s vulnerability and exposure research team, told SiliconANGLE. “Whether you regularly rely on libraries or Internet cafes for access or just need to print the occasional boarding pass from a hotel lobby, there can be a risk of exposing personal data.”
The best solution, he said, is simply to avoid using shared computers when entering or accessing personal data, but this is not always an option. “The next best solution is to bring your own web browser and take it with you when you go,” he said. “Several popular web browsers have Windows builds designed to be run entirely off a USB flash drive so that sensitive data gets cached to the removable media rather than being left behind for others to find. Another option is to forcibly delete the cache for whatever browser is in use.”
This is not the first time Twitter has suffered a data exposure of its own making. In 2018, Twitter users were encouraged to change their passwords after the company discovered a hashing bug that potentially exposed their passwords. In December, researchers were able to match 17 million phone numbers belonging to Twitter accounts because of a flaw in the Twitter Android app.