Twitter Is 'Very Sorry' After the Latest Data Breach That Affected Business Clients
With more than 300 million active users, Twitter is one of the most popular social networks in the world. The fact that some of its business clients might have had their data exposed sounds like massive news, but before people start pulling their hair out, they must first learn the facts.
The news was first reported by the BBC yesterday. The data security incident apparently concerns users and organizations who pay for ads on Twitter, and it involves personal details like email addresses, phone numbers, and the last four digits of the affected individuals' credit card numbers. Full payment information apparently hasn't been put at risk, but even so, based on what we listed above, the incident is shaping up to be pretty serious. The details, however, paint a different picture.
It was a browser cache problem
The potentially exposed information was not stolen by hackers who broke through Twitter's defenses. It wasn't put in a misconfigured database, either. The publicly available details are scarce for the time being, but a Twitter spokesperson told TechCrunch that affected individuals' browsers may have stored the aforementioned data in the cache, which could have potentially exposed it to other people.
Those people would need access to the victim's computer, though, and they would also need to know what to look for and where. Twitter has addressed the vulnerability now, and business clients are assured that their data is safe. Even when it was active, however, the threat was dependent on lots of "ifs," which means that the real danger for Twitter users was not that big.
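As an added illustration (not part of the original report and not Twitter's code): the root cause has not been published, so this sketch assumes the general class of problem, where responses carrying personal data are served without Cache-Control: no-store and the browser is therefore allowed to keep a local copy. The route prefixes and sample headers are constructed.

```python
# Added illustration: route prefixes and sample headers are constructed, not Twitter's.
SENSITIVE_PREFIXES = ("/billing", "/account")  # hypothetical routes carrying personal data


def directives(cache_control):
    """Return the lowercase directive names from a Cache-Control header value."""
    names = set()
    for part in (cache_control or "").split(","):
        name = part.split("=", 1)[0].strip().lower()
        if name:
            names.add(name)
    return names


def storage_verdict(headers):
    """Say whether a browser is allowed to keep a copy of the response."""
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = directives(lowered.get("cache-control"))
    if "no-store" in cc:
        return "not-stored"   # the only directive that forbids keeping a copy
    if cc:
        # private, no-cache, max-age=0 and similar restrict reuse or sharing,
        # but the body may still be written to the local cache.
        return "stored"
    return "unspecified"      # no policy: the browser may cache heuristically


def audit(responses):
    """List sensitive responses that a local cache is allowed to retain."""
    findings = []
    for path, headers in responses:
        if path.startswith(SENSITIVE_PREFIXES):
            verdict = storage_verdict(headers)
            if verdict != "not-stored":
                findings.append((path, verdict))
    return findings


# Constructed sample responses (path, response headers).
SAMPLE = [
    ("/billing/summary", {"Cache-Control": "private, max-age=300"}),
    ("/billing/cards", {"Cache-Control": "no-cache"}),
    ("/billing/invoice", {"Cache-Control": "no-cache, no-store, must-revalidate"}),
    ("/account/contact", {"Content-Type": "text/html"}),
    ("/static/logo.png", {"Cache-Control": "public, max-age=86400"}),
]

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE):
        print(f"{path}: {verdict}")
```

The "/billing/cards" case is the one most often missed: no-cache forces revalidation before reuse but does not stop the browser from storing the body.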
That being said, the incident should prompt the world's most popular microblogging platform to be a bit more careful when it comes to security. There are actually multiple reasons for this.
It wasn't the first security incident for Twitter
The vulnerability was discovered and addressed in late May, just over a month after Twitter patched a similar browser cache problem, which affected people who use the social network through Firefox. In 2018, the microblogging platform inadvertently stored the plaintext passwords of all its 330 million users in a file that was supposedly accessible only internally. As TechCrunch pointed out, Twitter has been through a few other incidents that also concerned the privacy of people's data, and it has received its fair share of criticism for them.
If Jack Dorsey and his team want to avoid further negative comments, they need to up their security game. They might want to think about their disclosure as well.
Twitter is reluctant to share many details on the vulnerability
Twitter didn't announce the incident officially. The potentially affected customers have been notified by an email that explains how sorry the social network's security experts are. The number of people who have been affected is unknown, and so is the reason for the vulnerability.
Although the immediate danger for users isn't that massive at this point, this sort of information is still very important, and, being one of the biggest and most recognizable names in the industry, Twitter should be well aware of the fact that being prolifically apologetic simply isn't enough in the wake of such incidents. Hopefully, from now on, the social network will be more transparent about its security misfortunes.