Twitter Bug That Exposed Advertisers’ Sensitive Information to Employees Is Now Fixed

Published: November 16, 2022

Following reports of a major bug in Twitter’s system that allegedly exposed several of its advertisers’ information to the company’s marketing team, the social media platform released a patch on Saturday to address the issue.

However, some wonder if such a serious hiccup in the system could further damage the already deteriorating relationship between Twitter and its advertisers.

Privacy researcher Zach Edwards on Thursday alleged that Twitter handled sensitive credit card information without encryption. The card details in question belong to corporate entities, namely advertisers, and are literal gold mines in the hands of malicious actors on the web.

“These are ad tech corporate credit cards with wild limits,” said Edwards. He was researching what happens when people add their credit card information to their Twitter ads account when he encountered this potentially devastating bug on his browser.

If they wanted to, Twitter employees would have been able to take screenshots of sensitive credit card information before the bug was fixed. Twitter engineers learned about the bug thanks to Edwards’ discovery and were able to clear it up over the weekend.

The latest problem at Twitter is only one in a series of dramatic events following Elon Musk’s takeover of the social media platform in late October. From announcing verification changes and then delaying them, to creating new cybersecurity concerns, Musk has stirred controversy since the acquisition.

Between the termination of employees and the intensified workload of the remaining staff, many expected such issues to crop up. Moreover, engineers at Twitter are now required to “self-certify compliance with FTC requirements and other laws,” according to an internal Slack message.

Because of this, and Musk’s supposed plan to cut back on moderation, several companies have already pulled their advertising from Twitter, citing brand safety concerns. Mondelez International, the company making Oreos, is one of several brands that have stopped advertising on the platform due to a rise in hate speech.

This isn't the first time that Twitter has landed in hot water over security issues on the platform -- particularly, ones that give employees too much access to data.

In September, Twitter whistleblower Peiter Zatko testified before Congress that employees' overstepping access to sensitive data is a national security risk, as there could potentially be foreign agents among Twitter’s ranks.

Interestingly enough, Twitter Blue, which relies on payment processor Stripe, does not suffer from the same type of bug.
