SECURITY ALERT: Twitter Data Cache on Firefox May Have Left Your Personal Data Visible on Shared Computers
Other browsers were not affected
Twitter recently revealed a data privacy issue caused by the way in which Mozilla Firefox cached data, meaning that the personal information of Twitter users may have been stored in Firefox’s cache. More specifically, private files shared via direct messages and data downloads could have been saved unintentionally in the browser’s cache, even if you signed out of Twitter. This issue did not affect other browsers.
What is browser cache and how does it work?
Every time you access a website for the first time, your browser connects to its remote server. Then, the browser sends a request and the server responds, providing the HTML page upon which the website is built. As your browser reads the HTML code, it starts sending out more requests to the server in order for the page to be displayed completely.
Since this process generally takes up a lot of bandwidth, some of the page's elements will be stored for a certain amount of time in the browser on your machine. Loading files locally from your device will always be faster than fetching them from the website’s remote server every time. For instance, images on a website can be quite large, so when the browser caches them, they only have to be downloaded once and can then be accessed directly from your machine. This is a huge advantage of browser caching.
Yet, there are downsides to it. Even though caching does improve the web browsing speed, sometimes it may leave users vulnerable to personal information spills – not necessarily through malicious remote connections, but for instance, by creating potential privacy issues in a public computer environment.
Going back to the Twitter data cache on Firefox, keep on reading to find out what happened and how you might have been affected.
How the Twitter-Firefox incident could have affected you
Even though this may not be a problem on single-user devices, data may have been leaked on computers with multiple users. If Twitter users logged in from a public computer, their personal information could have been harvested by ill-intentioned actors.
Fortunately, according to Twitter’s statement, the stored information should have automatically been deleted after a week. The social networking giant also indicated that the issue has now been solved, so Firefox is no longer storing personal data in its cache.
“The Mozilla Firefox browser’s cache retention period is set to 7 days and after that time the information should have automatically been removed from the cache,” said Twitter.
Other browsers like Chrome or Safari have not been affected.
According to The Register, it appears that an HTTP header may not have been used as expected, causing Firefox to store files and downloaded data. This was pointed out by Mozilla engineer Dave Townsend:
It seems that when a certain HTTP header is used (which has no defined effect on caching behaviour) Chrome has chosen to not cache the content. Firefox will cache the content unless the Cache-Control header says not to (just like all other HTTP requests).
— Dave Townsend (@EnglishMossop) April 2, 2020
Mozilla stated that this would not be remotely accessible to cybercriminals.
“When you use Firefox, cached data stays local on that device.”
“So if the data stayed in the cache, that would only have been viewable on that device,” a spokesperson told The Register.
What’s more, Twitter believes the problem can be fixed on their end, possibly by changing the HTTP header in question, which means that no Firefox updates will be required.
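The header behaviour described above, as an added example (not code from Twitter, Mozilla or the original article): a Python check that flags responses a browser is allowed to keep in its cache because they lack Cache-Control: no-store. The URLs and header values are constructed sample data, and the page does not name the header Twitter actually used.

```python
# Added example: which responses may a browser write to its local cache?
# All URLs and header values below are constructed sample data.

def parse_cache_control(values):
    """Merge one or more Cache-Control header values into {directive: argument}.

    Simplification: splits on commas, so quoted arguments that contain
    commas are not handled.
    """
    directives = {}
    for value in values:
        for part in value.split(","):
            name, _, arg = part.strip().partition("=")
            if name:
                directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def browser_may_store(headers):
    """headers: list of (name, value) pairs from a 200 response to a GET.

    Only `no-store` forbids a cache from keeping the response. `private` still
    permits the browser's own cache, and `no-cache` / `max-age=0` only force
    revalidation before reuse; the bytes can stay on disk.
    """
    values = [v for k, v in headers if k.lower() == "cache-control"]
    return "no-store" not in parse_cache_control(values)


def audit(responses):
    """Return the URLs whose responses a browser cache is allowed to keep."""
    return [url for url, headers in responses if browser_may_store(headers)]


SAMPLE = [  # constructed responses for endpoints that serve private files
    ("https://example.test/dm/media/1", [("Content-Type", "image/jpeg"),
                                         ("Content-Disposition", "attachment")]),
    ("https://example.test/dm/media/2", [("Cache-Control", "private, max-age=0")]),
    ("https://example.test/dm/media/3", [("cache-control", "no-cache")]),
    ("https://example.test/archive.zip", [("Cache-Control", "No-Store")]),
    ("https://example.test/dm/media/4", [("Cache-Control", "private"),
                                         ("Cache-Control", "no-store")]),
]

if __name__ == "__main__":
    for url in audit(SAMPLE):
        print("storable in browser cache:", url)
```

The first three sample responses are reported as storable: a missing Cache-Control header, `private` and `no-cache` all leave the file eligible to remain in the local cache after sign-out.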
As an additional security measure, Twitter encouraged its users to clear the browser’s cache after each session on every public computer they use to sign in:
“If you use, or have used a public or shared computer to access Twitter, we encourage you to clear the browser cache before logging out, and to be cautious about the personal information you download on a computer that other people use.”
The social media network apologized for this security hiccup and advised its users to contact Twitter’s Data Protection Officer by completing an online form for any questions or concerns.
How to clear the cache on Firefox
Here is how you can manually or automatically delete Mozilla Firefox’s cache.
Manually clearing the Firefox cache
Go to Options.
Now access Privacy & Security > Cookies and Site Data > Clear Data.
Uncheck Cookies and Site Data. Only check Cached Web Content and click the Clear button.
Automatically clearing the Firefox cache
If you wish to automatically clear the cache when Firefox closes, go to Options > Privacy & Security > History.
Select the Use custom settings for history option.
Check the Clear history when Firefox closes box and then click the Settings button.
Only check the Cache category and click OK.
People may be concerned about websites storing certain assets on their devices without their knowledge or consent, and for good reason. However, the benefits of browser caching are currently greater than the risks, so in this case, the simple practice of clearing your browser cache will suffice. Also, if you’re using a solid cybersecurity solution that prevents and mitigates threats, you can rest assured you are safe online against both known and as-yet-unknown threats.