Flip the “days since the last Twitter security incident” back to zero.
Twitter said Tuesday that it has emailed its business customers, such as those who advertise on the site, to warn that their information may have been compromised in a security lapse.
The social network giant said that business users’ billing information was inadvertently stored in the browser’s cache, and it was “possible” that others, such as those who share computers, could have accessed it.
That data includes the business users’ email addresses, phone numbers and the last four digits of the credit card number associated with the account.
Twitter told users that it first became aware of the problem on May 20, a month after Twitter disclosed a similar bug that improperly stored Twitter user data, such as direct messages, in Firefox’s browser cache.
BBC News was first to report the news.
Twitter spokesperson Laura Pacas confirmed the incident to TechCrunch, but declined to disclose the number of people affected.
“We became aware of an incident where if you viewed your billing information on ads.twitter.com or analytics.twitter.com the billing information may have been stored in the browser’s cache,” the spokesperson said. “As soon as we discovered this was happening, we resolved the issue and communicated to potentially impacted clients to make sure they were aware and informed on how to protect themselves moving forward.”
It’s the latest security incident in recent years.
Last year alone, Twitter closed a bug that allowed a researcher to discover phone numbers associated with millions of Twitter accounts; admitted it gave account location data to one of its partners, even if the user had opted out of having their data shared; and inadvertently gave its ad partners more data than it should have. Twitter last year also said it used phone numbers provided by users for two-factor authentication for serving targeted ads.
In 2018, Twitter admitted it stored user passwords in plaintext, and warned its millions of users to reset their passwords.