Twitter warns users of 'data security incident' involving billing information
Twitter has emailed an unknown number of users to warn them of a security incident that took place some time prior to May 20 this year.
The company says that personal and billing information of people who used the Ads or Analytics pages on the Twitter site may have been affected. Twitter says that the vulnerability has now been addressed, but has emailed users to explain the circumstances of the incident.
See also:
- Is Twitter losing the right?
- Facebook removes Nazi Trump ads while Twitter flags up 'racist baby' tweet
- You will soon be able to request Twitter verification
There is currently no evidence to suggest that any data has been compromised as a result of the incident, and this is thanks to the nature of the vulnerability. Twitter explains that users' billing information may have been stored in the cache of their web browser, although this does not include complete credit card details. Additionally, this data was not exposed online and could only be seen by anyone with physical access to the computer.
Twitter has since updated the way its Ads and Analytics pages work to fix the issue, but has still emailed users to inform them about what has happened. It is not clear why it Twitter waited more than a month after addressing the problems to let users know.
The full text of the email reads:
Hello,
We are writing to let you know of a data security incident that may have involved your personal information on ads.twitter.com and analytics.twitter.com.
We became aware of an issue that meant that prior to May 20, 2020, if you viewed your billing information on ads.twitter.com or analytics.twitter.com the billing information may have been stored in the browser's cache. Examples of that information include email address, phone number, last four digits of your credit card number (not complete numbers, expiration dates or security codes), and billing address. If you used a shared computer, it is possible that if someone used the computer after you they could have seen the information stored in the browser's cache (most browsers generally store data in their cache by default for a short period of time like 30 days).
On May 20, 2020, we updated the instructions that Twitter sends to your browser's cache to stop this from happening. While we have no evidence that your billing information was compromised, we want to make sure you're aware of the issue and how to protect yourself going forward. If you currently use a shared computer to access your Twitter Ads or Analytics billing information, we recommend clearing the browser cache when you log out.
We're very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day. If you have additional questions, you can write to our Office of Data Protection here.
Thank you.
Image credit: Juan Ci / Shutterstock