Flip the “days since the last Twitter security incident” back to zero.
Twitter said Tuesday that it has emailed its business customers, such as those who advertise on the site, to warn that their information may have been compromised in a security lapse.
The social network giant said that business users’ billing information was inadvertently stored in the browser’s cache, and it was “possible” that others, such as those who share computers, could have accessed it.
That data includes the business users’ email addresses, phone numbers and the last four-digits of their credit card number associated with the account.
Twitter told users that it first became aware of the problem on May 20, a month after Twitter disclosed a similar bug that improperly stored Twitter user data, such as direct messages, in Firefox’s browser cache.
BBC News was first to report the news.
Twitter spokesperson Laura Pacas confirmed the incident to TechCrunch, but declined to disclose the number of people affected.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
“We became aware of an incident where if you viewed your billing information on ads.twitter.com or analytics.twitter.com the billing information may have been stored in the browser’s cache,” the spokesperson said. “As soon as we discovered this was happening, we resolved the issue and communicated to potentially impacted clients to make sure they were aware and informed on how to protect themselves moving forward.”
It’s the latest security incident in recent years.
Last year alone, Twitter closed a bug that allowed a researcher to discover phone numbers associated with millions of Twitter accounts; admitted it gave account location data to one of its partners, even if the user had opted-out of having their data shared; and inadvertently gave its ad partners more data than it should have. Twitter last year also said it used phone numbers provided by users for two-factor authentication for serving targeted ads.
In 2018, Twitter admitted it stored user passwords in plaintext, and warned its millions of users to reset their passwords.
A Twitter app bug was used to match 17 million phone numbers to user accounts
