New Twitter Breach – Security Expert Comments

It has been reported that Twitter has detailed a serious “security incident” involving the billing information of businesses using the social media giant.

In a message to business owners on the platform, Twitter reported a data breach involving its advertisement and analytics platform. This meant that prior to May 20, 2020, certain details would be stored within a web browser’s cache. A web cache is where the browser stores documents or information from the pages a user has visited. In the message sent to business owners, Twitter said: “We are writing to let you know of a data security incident that may have involved your personal information on ads.twitter and analytics.twitter.

“We became aware of an issue that meant that prior to May 20, 2020, if you viewed your billing information on ads.twitter or analytics.twitter the billing information may have been stored in the browser’s cache. Examples of that information include, email address, phone number, last four digits of your credit card number.”


EXPERT COMMENTS
Justin Fier, Director of Cyber Intelligence & Analytics, Darktrace
June 25, 2020
Good cyber hygiene should be the first line of defense.
As one of the industry's best-known brands, Twitter's security incident might come as a surprise for companies but should serve as a much-needed wake-up call. Many companies implicitly trust platforms like Twitter, Twitter Ads and Twitter Analytics to fit together perfectly but the reality is they are run by different teams and stakeholders, while also trying to balance complex digital supply chains ....
Rusty Carter, Vice President, Digital.ai
June 24, 2020
While Twitter is highlighting the use-case of a shared computer, the potential risk of locally cached is much broader.
Twitter stored personal and financial information in the browser… this is a long known bad practice that should never have occurred, and it is hard to understand how a company that makes its business in web software and services could allow this to happen. The kill chain for this negligent exposure of PII goes way back through their development, security review, and release process and could/sho ....
Francis Gaffney, Director of Threat Intelligence, Mimecast
June 24, 2020
These data breaches could be prevented if the best security practices were followed by organisations.
It is clear from this breach that large companies, such as Twitter, are still finding it more than difficult to prevent breaches and keep their customers’ data safe. This seems to be becoming an all too common theme, with several organisations admitting to compromises in security recently. Our recent study, titled State of Email Security, found that 29% of UK businesses have lost data due to lac ....
Chris Hauk, Consumer Privacy Champion, Pixel Privacy
June 24, 2020
I strongly recommend users set their browsers to delete their cache when shutting down or restarting the browser
While we don't know for sure if the "data breach" was due to actions on the part of hackers or simply due to bad programming by developers, the Twitter cache issue underscores the importance of users not relying on websites to protect their privacy. I strongly recommend users set their browsers to delete their cache when shutting down or restarting the browser. While clearing cache files will caus ....
Paul Bischoff, Privacy Advocate, Comparitech
June 24, 2020
If you've logged into Twitter ads or analytics from a device that's used by other people, there's a chance that information could be stolen.
Twitter's data security incident is relatively minor in both scope and severity. It only affects Twitter users who use the ads and analytics services, which is a small fraction of all Twitter users. Furthermore, an attacker needs access to the user's browser in order to steal information, and they can only steal it from one user at a time. Compared to a data breach in which hackers obtain informat ....
Mark Bower, Senior Vice President, comforte AG
June 24, 2020
Aside from human error, it illustrates the frailty of modern, dynamic environments to some configurations leading to possible catastrophe.
The likely culprit here is human error, but it illustrates the frailty of modern, dynamic environments to just one or two configurations that can lead to potential catastrophe. While the data exposed here is limited in nature, it’s a timely reminder that organizations capturing personal data need to examine the complete data lifecycle risks and implement protective and operational controls that ....