Security News > 2020 > June > Twitter Alerts Business Users of Billing Information Exposure
Twitter has started informing business customers that their billing information may have been exposed in what the company has described as a "Data security incident" affecting its ads and analytics services.
"If you used a shared computer, it is possible that if someone used the computer after you they could have seen the information stored in the browser's cache," Twitter told customers, clarifying that cached data is typically stored for a limited time, such as 30 days.
"While we have no evidence that your billing information was compromised, we want to make sure you're aware of the issue and how to protect yourself going forward. If you currently use a shared computer to access your Twitter Ads or Analytics billing information, we recommend clearing the browser cache when you log out," Twitter said in its email.
Mackey added, "In this case, it appears the development team for Twitter Business stored sensitive information in browser cookies, and turned their browser cookies into a cache of database information. Not only does this presume that the user will always use the same device when accessing their Twitter Business account, but it also presumes the user has only one device since changes in information like updated billing information can't possibly be sent to the browser cache of all devices when data updates happen. The better way to handle sensitive information is to only request it from a secured data store as needed and then ensure local copies of the data aren't created which could be left behind."
Twitter has disclosed several security issues over the past years, including related to the Android app exposing protected tweets, the use of account security information for advertising, an API vulnerability exploited to match usernames to phone numbers, direct messages being exposed to third-party developers, and the Android app allowing hackers to obtain sensitive data and hijack accounts.