Expert Comments

New Twitter Breach – Security Expert Comments

Expert(s): Security Experts
Expert(s): Security Experts Published: Last Updated on

It has been reported that Twitter has detailed a serious “security incident” on the billing information of businesses using the social media giant. 

In a message to business owners on the platform, Twitter reported a data breach while using its advertisement and analytics platform. This meant that prior to May 20, 2020 certain details would be stored within a web browser’s cache. Web cache is whereby documents or information of the pages a user has visited are stored on the web browser. In a message to sent to business owners on the platform, Twitter said: “We are writing to let you know of a data security incident that may have involved your personal information on ads.twitter and analytics.twitter.

“We became aware of an issue that meant that prior to May 20, 2020, if you viewed your billing information on ads.twitter or analytics.twitter the billing information may have been stored in the browser’s cache. Examples of that information include, email address, phone number, last four digits of your credit card number.”

Experts Comments

Dot Your Expert Comments
Francis Gaffney
June 24, 2020
Director of Threat Intelligence
Mimecast

These data breaches could be prevented if the best security practices were followed by organisations.
It is clear from this breach that large companies, such as Twitter, are still finding it more than difficult to prevent breaches and keep their customers’ data safe. This seems to be becoming an all too common theme, with several organisations admitting to compromises in security recently. Our recent study, titled State of Email Security, found that 29% of UK businesses have lost data due to lack of cyber resilience preparedness. These data breaches could be prevented if the best security.....Read More
It is clear from this breach that large companies, such as Twitter, are still finding it more than difficult to prevent breaches and keep their customers’ data safe. This seems to be becoming an all too common theme, with several organisations admitting to compromises in security recently. Our recent study, titled State of Email Security, found that 29% of UK businesses have lost data due to lack of cyber resilience preparedness. These data breaches could be prevented if the best security practices were followed by organisations. Customers that give their data expect it to be looked after and failing to do so can have very serious implications for organisations. The reputational damage can be extreme, with many customers unwilling to do business with an organisation that has experienced such an incident. This particular breach is worrying because it appears that financial details were compromised, including email addresses, phone numbers, and the last four digits of clients' credit card numbers. These details can be used for future fraud and I would strongly recommend that anybody impacted, looks at changing their credit card immediately.  Read Less
Chris Hauk
June 24, 2020
Consumer Privacy Champion
Pixel Privacy

I strongly recommend users set their browsers to delete their cache when shutting down or restarting the browser
While we don't know for sure if the "data breach" was due to actions on the part of hackers or simply due to bad programming by developers, the Twitter cache issue underscores the importance of users not relying on websites to protect their privacy. I strongly recommend users set their browsers to delete their cache when shutting down or restarting the browser. While clearing cache files will cause websites to load more slowly after you restart your browser, the security advantages easily.....Read More
While we don't know for sure if the "data breach" was due to actions on the part of hackers or simply due to bad programming by developers, the Twitter cache issue underscores the importance of users not relying on websites to protect their privacy. I strongly recommend users set their browsers to delete their cache when shutting down or restarting the browser. While clearing cache files will cause websites to load more slowly after you restart your browser, the security advantages easily outweigh this minor inconvenience.  Read Less
Paul Bischoff
June 24, 2020
Privacy Advocate
Comparitech

If you've logged into Twitter ads or analytics from a device that's used by other people, there's a chance that information could be stolen.
Twitter's data security incident is relatively minor in both scope and severity. It only affects Twitter users who use the ads and analytics services, which is a small fraction of all Twitter users. Furthermore, an attacker needs access to the user's browser in order to steal information, and they can only steal it from one user at a time. Compared to a data breach in which hackers obtain information on thousands or millions of users in one go, the incentive for hackers to steal it is small......Read More
Twitter's data security incident is relatively minor in both scope and severity. It only affects Twitter users who use the ads and analytics services, which is a small fraction of all Twitter users. Furthermore, an attacker needs access to the user's browser in order to steal information, and they can only steal it from one user at a time. Compared to a data breach in which hackers obtain information on thousands or millions of users in one go, the incentive for hackers to steal it is small. The information they can access isn't particularly valuable given there's no complete payment data or especially sensitive personal information stored in the cache. If you've logged into Twitter ads or analytics from a device that's used by other people, there's a chance that information could be stolen. Ads and analytics users should be on the lookout for targeted phishing emails from Twitter or a related company, and be sure to clear their browser caches.  Read Less
Mark Bower
June 24, 2020
Senior Vice President
comforte AG

Aside from human error, it illustrates the frailty of modern, dynamic environments to some configurations leading to possible catastrophe.
The likely culprit here is human error, but it illustrates the frailty of modern, dynamic environments to just one or two configurations that can lead to potential catastrophe. While the data exposed here is limited in nature, it’s a timely reminder that organizations capturing personal data need to examine the complete data lifecycle risks and implement protective and operational controls that limit its exposure end to end.
Rusty Carter
June 24, 2020
Vice President
Digital.ai

While Twitter is highlighting the use-case of a shared computer, the potential risk of locally cached is much broader.
Twitter stored personal and financial information in the browser… this is a long known bad practice that should never have occurred, and it is hard to understand how a company that makes its business in web software and services could allow this to happen. The kill chain for this negligent exposure of PII goes way back through their development, security review, and release process and could/should have been caught multiple places before making it out to the public. While Twitter is.....Read More
Twitter stored personal and financial information in the browser… this is a long known bad practice that should never have occurred, and it is hard to understand how a company that makes its business in web software and services could allow this to happen. The kill chain for this negligent exposure of PII goes way back through their development, security review, and release process and could/should have been caught multiple places before making it out to the public. While Twitter is highlighting the use-case of a shared computer (more accurately shared browser instance/device “user”), the potential risk of locally cached (and unencrypted data) is much broader, and includes the potential for malicious websites and malware to exfiltrate the data from the browser. This is where attacks have been increasing as malware developers can use vulnerabilities in browsers, web technologies, and software supply chains (like magecart) to harvest valuable information from unsuspecting end-users.  Read Less
Justin Fier
June 25, 2020
Director of Cyber Intelligence & Analytics
Darktrace

Good cyber hygiene should be the first line of defense.
As one of the industry's best-known brands, Twitter's security incident might come as a surprise for companies but should serve as much-needed wake-up call. Many companies implicitly trust platforms like Twitter, Twitter Ads and Twitter Analytics to fit together perfectly but the reality is they are run by different teams and stakeholders, while also trying to balance complex digital supply chains. Just one small mistake in the code anywhere across the platform can result in major.....Read More
As one of the industry's best-known brands, Twitter's security incident might come as a surprise for companies but should serve as much-needed wake-up call. Many companies implicitly trust platforms like Twitter, Twitter Ads and Twitter Analytics to fit together perfectly but the reality is they are run by different teams and stakeholders, while also trying to balance complex digital supply chains. Just one small mistake in the code anywhere across the platform can result in major vulnerabilities for millions of users. This incident appears to be a case of human error and has left an unknown number of advertisers' personal data vulnerable to unauthorized access, including their credit card details, phone numbers, and email addresses. To protect themselves, companies must remember that trusting big brand names is not enough. Good cyber hygiene should be the first line of defense. Simple steps like evaluating what data is safe to store in the web browser, like frequently used images, and which should never be stored, like billing details, will help companies take some level of control. Secondly, gaining visibility into the company's network is critical. Companies are increasingly embracing AI, which can provide full, real-time visibility into everything happening on the network and shut down potential cyberattacks before they happen.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Fake App Attacks On The Rise, As Malware Hides In...

Expert On Study That Brits Using Pets’ Names As Online...

Expert Reaction On Europol Publishes Its Serious And Organised Crime...

Fake Netflix App Allows Hackers to Hijack WhatsApp

Hackers Pretend To Be Your Friend In The Latest WhatsApp...

Millions Of Brits Still Using Pet’s Names As Passwords Despite...

Advertised Sites May Appear Genuine On First Glance

Facebook Ran Ads For Malware-ridden ‘Clubhouse for PC’

Linkedin Data Of 500 Million Users Being Sold Online

Experts Comments On Identity Management Day – Tuesday 13th April