Twitter discloses Firefox bug that cached private files sent or received via DMs
Social networking giant Twitter disclosed today a bug on its platform that impacted users who accessed their platform using Firefox browsers.
According to Twitter, its platform stored private files inside the Firefox browser’s cache — a folder where websites store information and files temporarily.
Twitter said that once users left their platform or logged off, the files would remain in the browser cache, allowing anyone to retrieve it.
The company is now warning users who share workstations or used a public computer that some of their private files may still be present in the Firefox cache. Malware present on a system could also scrape and steal this data, if ever configured to do so.
This might include files sent or received via direct messages (DMs), data archive files downloaded from a profile’s settings page, and others. Twitter said these files would remain on a system, even if the user logged off from their accounts.
The company said the bug’s impact is somewhat limited as Firefox automatically purges all cached data older than seven days.
“If you use, or have used, a public or shared computer to access Twitter, we encourage you to clear the browser cache before logging out, and to be cautious about the personal information you download on a computer that other people use,” Twitter said.
The cache can be cleared in Firefox by going to Tools > Options > Privacy & Security > Cookie and Site Data > Clear Data.
Twitter said it has now fixed this bug to prevent its platform from caching non-public information. The company also said the bug did not affect users using other browsers like Safari or Chrome.