Twitter leaks personal data of business users

A new security incident affects social media users. According to specialists from a digital forensics course, Twitter has notified some of its commercial users of a problem that might have exposed some of their personal data in very specific cases.

In the report, Twitter’s security team told users that if they viewed their billing information on or by May 20, their personal information may have been cached. These records include data such as:

  • Email addresses
  • Phone numbers
  • The last four digits of payment cards
  • Billing data

Most browsers cache data for a certain period of time, so if an affected user was using a shared computer, it would be possible for another user to access and view that data, the experts of a digital forensics course mention. In a statement, Twitter apologized for the incident: “We recognize and appreciate the trust our customers place in us; we work every day to maintain that trust.”

This bug was fixed on May 20 through some security updates sent to browser caches to prevent something similar from happening in the future. Social network representatives mention that there is no evidence to show that the data of their affected business customers has been compromised during exposure time.

According to digital forensics specialists, a threat actor would have needed physical access to a Twitter enterprise client’s device to exploit the flaw, so it is unlikely that the flaw has been exploited.

On the other hand, experts mention that there is real risk in business contexts, as there is always the possibility of some internal threat. Finally, the company recommended users clear the cache of their browsers by logging out to mitigate the risk completely.  

So far Twitter has not issued any further statements about the incident, so the total number of users affected is still unknown. By consulting various cybersecurity experts, they all agree on the low probability of exploitation, as many factors must be linked to complete the exploitation of this failure.  

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.