This week Twitter had to apologize to customers for a data leak in which unauthorized persons could gain access to business data (invoice data). Here are the few details known so far.
I recently became aware of this issue through blog reader Tobias W. He probably received the following mail from Twitter:
We are writing to let you know of a data security incident that may have
involved your personal information on ads.twitter.com and
We became aware of an issue that meant that prior to May 20, 2020, if
you viewed your billing information on ads.twitter.com or
analytics.twitter.com the billing information may have been stored in
the browser’s cache. Examples of that information include email address,
phone number, last four digits of your credit card number (not complete
numbers, expiration dates or security codes), and billing address. If
you used a shared computer, it is possible that if someone used the
computer after you they could have seen the information stored in the
browser’s cache (most browsers generally store data in their cache by
default for a short period of time like 30 days).
On May 20, 2020, we updated the instructions that Twitter sends to your
browser’s cache to stop this from happening. While we have no evidence
that your billing information was compromised, we want to make sure
you’re aware of the issue and how to protect yourself going forward. If
you currently use a shared computer to access your Twitter Ads or
Analytics billing information, we recommend clearing the browser cache
when you log out.
We’re very sorry this happened. We recognize and appreciate the trust
you place in us, and are committed to earning that trust every day. If
you have additional questions, you can write to our Office of Data
Protection here <redacted>
Twitter International Company
One Cumberland Place, Fenian Street
Dublin 2, D02 AX07 IRELAND
According to the mail, confidential information about business transactions (name, e-mail, credit card number, etc.) was stored in the browser's local cache when users viewed their billing pages. This carries the risk that unauthorized third parties can access sensitive data via the cache.
On 20 May 2020, Twitter updated the caching instructions it sends to the browser so that this data no longer ends up in the cache. Although Twitter has no evidence that billing data has been compromised, the company wants to make sure that users are aware of the problem and know how to protect themselves in the future.
If you use a shared computer to access Twitter Ads or to retrieve billing information, Twitter recommends that you clear your browser cache when you log out. The BBC has published an article about this here, and further coverage can be found here.
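The "instructions" a site sends to the browser's cache are normally HTTP response headers such as Cache-Control; the mail does not say which ones Twitter changed. The following Python check is an added example (not from the original post or from Twitter) that audits the headers of a sensitive page and shows why only `no-store` keeps it out of the cache on a shared computer. The function names and sample headers are constructed for illustration.

```python
# Added example: audits response headers of a sensitive page (e.g. a billing
# view) for whether a browser may keep a copy in its cache.
# Header values below are constructed samples, not Twitter's real responses.

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit_sensitive_response(headers):
    """Return (storable, findings) for a response carrying private data."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    findings = []
    if "no-store" in cc:
        return False, findings  # the browser must not keep a copy at all
    if not cc:
        findings.append("no Cache-Control: browser may store and reuse heuristically")
    if "public" in cc:
        findings.append("public: shared caches (proxies) may store it too")
    if "private" in cc:
        findings.append("private: excludes shared caches, browser cache still stores")
    if "no-cache" in cc:
        findings.append("no-cache: forces revalidation, copy is still stored")
    if "max-age" in cc:
        findings.append(f"max-age={cc['max-age']}: stored and served from cache while fresh")
    findings.append("add 'no-store' to keep the page out of the browser cache")
    return True, findings


if __name__ == "__main__":
    samples = {  # constructed responses for a hypothetical /billing page
        "default": {"Content-Type": "text/html"},
        "private": {"Cache-Control": "private, max-age=600"},
        "no-cache": {"Cache-Control": "no-cache"},
        "hardened": {"Cache-Control": "no-store"},
    }
    for name, hdrs in samples.items():
        storable, notes = audit_sensitive_response(hdrs)
        print(f"{name:9} storable={storable}")
        for note in notes:
            print("   -", note)
```

Note that `private` and `no-cache` are often mistaken for protections here: both still leave a copy in the local browser cache, which is exactly the shared-computer exposure the mail describes.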