Twitter privacy issues: Firefox cached files sent through DMs

Twitter revealed that a bug allowed private files shared via the platform to be stored inside Firefox cache for up to seven days

Twitter stored DM data on Firefox

Twitter stored DM data on Firefox

Those who use Mozilla Firefox for accessing Twitter and sharing files via private DMs should be concerned – it turned out that all data shared with others was cached by the web browser, even after users logged out. While this may not seem like a huge issue to home users, those who accessed Twitter via public computers got their sent data exposed, as Twitter explains:

This means that if you accessed Twitter from a shared or public computer via Mozilla Firefox and took actions like downloading your Twitter data archive or sending or receiving media via Direct Message, this information may have been stored in the browser’s cache even after you logged out of Twitter.

According to the official announcement,[1] this information is set to be stored on the cache for at least seven days and is deleted right after. Twitter also said that Firefox was the only browser that was affected by the bug,[2] and those using Safari, Chrome, or another browser to access the social media platform, were not affected.

Clear Firefox cache to avoid data exposure

Browser cache is a place where all the temporary internet files are stored. Since downloading data to be displayed from a local hard drive is much faster than doing so from the internet, caches still exist (despite the ever-increasing bandwidth speeds), although experts advise to clean them regularly.[3] However, a cache is not there to be used for your personal information, and pictures or other data you transfer through Twitter direct messages are considered to be personal, hence Twitter had to take care of the issue.

The social network said it fixed the bug that allowed shared information to be stored within Firefox cache, and it is no longer shared there. Those that exposed personal files or other information, such as data archives download from the settings page, should access the computer that was used to access Twitter on, and wipe out the cache.

If you are one of those who think that could be affected by this bug, please follow these steps to clear the cache on Firefox:

  • Click on the Menu located at the top-right corner
  • Select “Options”
  • Click on “Privacy and Security”
  • Locate “Cookies and Site Data” section
  • Select “Clear Data”

Twitter encourages users to use public computers carefully

While the shared information on a library computer might not be a big deal, as it will be removed within seven days, malware-infected computers could potentially steal the cached data if it is programmed to do so. For example, an MS Office file that contains employers’ personal data, or one that includes information about a company’s infrastructure or business plans. Malware that stole Twitter and other account credentials were spotted in the wild before.[4] Such details can be extremely valuable to cybercriminals[5] hence it is important to ensure that your machine is not infected with malware – perform regular system scans with security software for that.

While Twitter apologized for the inconvenience that this bug could have caused social media users, it also said that those who use public computers should always clean web cache after they are done with using them, and also never save personal information on shared devices. This might also be problematic, as browsers nowadays are interconnected, and so are the accounts. Inexperienced users might forget about these features and leave their social media or other accounts accessible to everybody.

Twitter said that those who were impacted by the data shading issue and still have questions/issues about the incident could fill in Data Protection Inquiry form – it can be found here.