Due to a cybersecurity incident once again in a while, Twitter came into the news. According to BBC, twitter has apologized to its business users due to a personal data breach. The breach includes businesses that use Twitter’s advertising and analytics platforms but it is not clear yet how many businesses are affected by this breach.
As reported first by the UK-based Daily Express, Twitter revealed via its email that the breach affected the users of the Twitter Ads and Twitter Analytics platform.
According to the BBC, Twitter emailed its business customers including advertisers “to warn them that their information may have been compromised in a security lapse”
In an email to its clients, Twitter said it was “possible” others could have accessed personal information. Because billing information of clients was stored in the browser’s cache.
The company says that there is no evidence that clients’ billing information was compromised. But according to a report, “The data includes email addresses, the last four digits of credit card numbers and phone numbers.”
The question is when and how did the breach happen? The company did not disclose any details about this fact. They did not even disclose the extent of the breach. Yet, they apologized to their customers, “We’re very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day.”
To make things clear with the users, they made a huge change in their policy about the data type that is shared. Twitter advised all its users especially users accessing Twitter Ads and Analytics platforms on the shared computers to clear the browser cache before logging out. On the other hand, it is hard to believe that non-business users are not affected by this breach.
A Twitter spokesperson confirmed the latest incident to a well-known resource, “We became aware of an incident where if you viewed your billing information on ads.twitter.com or analytics.twitter.com the billing information may have been stored in the browser’s cache,” the spokesperson was quoted as saying, “As soon as we discovered this was happening, we resolved the issue and communicated to potentially impacted clients to make sure they were aware and informed on how to protect themselves moving forward.”
Twitter has also been a victim of a breach or internal leak in 2018. In 2018, it asked the users to change the passwords.
According to a report, last year, in May, Twitter disclosed a bug that shared some iOS users’ data with an unnamed partner, even if the users did not opt to share data. The bug affected Twitter’s iOS user base and they were notified about the issue.
Last year, in December, twitter admitted to yet another breach that a malicious code was inserted to its app that may have leaked users’ information as users received a warning email to update their app for android.
This time More than 32.8 million Twitter credentials have been harmed that are available for sale on the dark web, claims LeakedSource, a subscription-based breach notification service.
“Each [Twitter] record may contain an email address, a username, sometimes a second email, and a visible password,” LeakedSource reports in a blog. “We have very strong evidence that Twitter was not hacked, rather the consumer was. These credentials, however, are real and valid. Out of 15 users, we asked, all 15 verified their passwords.”
Leaked Source claims that the data leak stems from malware infecting users’ devices, “and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter.”