Self-serve advertisers who viewed billing information on ads.twitter.com or analytics.twitter.com were affected before Twitter updated the instructions it sends to browser caches to prevent this from happening.
The issue occurred prior to May 20, 2020, but Twitter only notified customers about it on June 23.
Self-serve advertisers, who are SMBs, were affected. Twitter launched a service in 2012 that let SMBs buy and place ads on its platform. It's now available to customers in more than 200 countries worldwide.
Customers who have additional questions can write to Twitter's Data Protection Officer.
Root of the Problem
Twitter's systems failed to send a JSON header which specified browsers shouldn't cache billing information and the browsers defaulted to caching the information, according to BBC journalist Alex Martin.
Maybe a leak, but not a breach. Brief explanation: Twitter was failing to send a JSON header which specified browsers shouldn't cache billing information, so the browsers defaulted to caching it. That's all that was happening. Very limited risk profile... https://t.co/62cPKP01xG — Alexander Martin (@AlexMartin)
It's likely that the header was never set, and Twitter rolled out a change May 20 to address the situation, Craig Young, a computer security researcher at Tripwire, told TechNewsWorld.
"This is the kind of bug that could have existed since the advertising and analytics platforms launched," Chris Clements, VP of Solutions Architecture at Cerberus Sentinel, told TechNewsWorld. "Or, it could have been inadvertently introduced at any point since." Why the JSON header was omitted will not be clear without Twitter publishing its own root cause analysis, Clements said, but it's "likely due to an inadvertent coding change that was not properly caught during security reviews rather than a malicious attacker action."
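On the web, the instruction that tells a browser not to keep a response is the `no-store` directive of the HTTP `Cache-Control` response header. The check below is an added example, not code from Twitter or from the original article: it classifies how a browser may treat a sensitive response based on its headers, and the paths and header values are constructed samples.

```python
# Added example: audit response headers of sensitive pages for browser-cache exposure.
# All paths and header sets in SAMPLE_RESPONSES are constructed, not Twitter's.

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}."""
    directives = {}
    for part in (value or "").split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def cache_exposure(headers):
    """Classify whether a browser may keep this response in its local cache."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control"))
    if "no-store" in cc:
        return "ok"                    # browser must not write the response to its cache
    if "no-cache" in cc or cc.get("max-age") == "0":
        return "stored-revalidated"    # still stored; only reuse requires revalidation
    if "max-age" in cc or "expires" in h:
        return "stored-until-expiry"   # stored with an explicit lifetime
    return "stored-heuristic"          # nothing set: browser applies its default caching


def audit(responses):
    """Return (path, finding) for every sensitive response that lacks no-store."""
    findings = []
    for path, headers in responses.items():
        result = cache_exposure(headers)
        if result != "ok":
            findings.append((path, result))
    return findings


SAMPLE_RESPONSES = {  # constructed sample data
    "/billing/summary": {"Content-Type": "application/json"},
    "/billing/invoices": {"Cache-Control": "private, max-age=600"},
    "/billing/card": {"Cache-Control": "no-cache"},
    "/billing/history": {"Cache-Control": "No-Store, private"},
}

if __name__ == "__main__":
    for path, finding in audit(SAMPLE_RESPONSES):
        print(f"{path}: {finding}")
```

Note that `no-cache` and `private` alone do not keep billing data off the local disk; only `no-store` does.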
Current coding practice is likely the cause, he suggested. "The mantra of 'move fast and break things' many start-ups adopt means, unfortunately, that security best practices for preventing and detecting such errors are often missed, and it's customers that pay the price."
Why the Delay in Notifying Clients?
It's been more than a month since Twitter fixed the problem but the delay in notifying clients is not cause for concern, James McQuiggan, a security awareness advocate at KnowBe4, told TechNewsWorld.
"With a large organization like Twitter, this would trigger their incident response teams," he said. "Since it involves customers, they have to bring in their legal team, communications, the C-suite et cetera. How quickly they communicate to the public depends on their Enterprise Risk Program."
Once Twitter had reviewed the issues, identified the root cause and fixed the leak, technical teams would provide communication statements to legal for review, more meetings would follow, and the information would then be released.
"A month seems excessive," Clements said. Still, it's possible there were other confounding factors, such as determining which customer accounts may have been affected by the bug, and it's possible that Twitter did not deem the potential risk to users as a high enough priority to rush out notifications.
The Scope of the Problem
"There is no distinct time limit on how long the sensitive data may be stored in the cache unless it was tagged with an expiration date," he added.
Still, "the lack of this security control was never a considerable threat to most users" except to those of shared computing systems, many of which are already configured to clear the cache between sessions, Young noted.
Any sensitive information that was cached would be limited to the local device used to access the information, Clements pointed out. As long as no other parties had access to the device and it hadn't been hacked, the data would not have been compromised.
Further, Web browser caches may be cleared or may expire on their own based on the configuration of the device. This could also limit how long data is stored locally in the cache.
The sensitive data stored is not immediately dangerous by itself and stealing it would require attackers to have access to each customer's device, Clements said. "A malicious attacker that gained access to Twitter development required to introduce this issue would have much more attractive targets for theft and data disclosure."
Twitter's Ad Sales
News of the data leak will not impact Twitter's ad sales badly, Ray Wang, a principal analyst at Constellation Research, told TechNewsWorld.
In February, Twitter reported ad revenues of US$885 million, up 12 percent YoY, for Q4-2019. Its Q1-2020 report, filed in April, said total ad revenue for that quarter fell about 27 percent YoY because of the pandemic.
By and large, though, the pandemic "has been good for most social networks as engagement has gone up and time spent on them has increased," Wang said.