Apparently, a flaw in the design of the platform itself caused it to store private files inside Firefox’s browser cache.
The cache is a folder normally reserved for temporary storage of website files. Unfortunately, even after a user logged off of Twitter’s service, the files would remain in the browser cache, often for as long as a week. This enables anyone with access to that machine to view them.
The files stored in this manner include files received via Direct Messages (DMs) and any downloaded files.
There are two potential points of concern here. First is the fact that if you make regular use of a shared machine and access Twitter from it, then whoever you are sharing the machine with would have easy access to files you assumed to be private.
Second, if malware were to infect the machine you access Twitter from, then the malware may wind up scraping that data and sending it to its controllers’ command and control server. That gives them a copy of information you assumed was private.
A spokesman for Twitter summarized as follows:
“If you use, or have used a public or shared computer to access Twitter, we encourage you to clear the browser cache before logging out, and to be cautious about the personal information you download on a computer that other people use.”
From inside Firefox, follow these steps to clear your browser cache:
Go to “Tools” then “Options.” From there, select “Privacy & Security” and then “Cookies and Site Data.”
Once there, you’ll see an option labeled “Clear Data.” Click that, give the machine a minute, and you’re all set.
Twitter reports that it has now fixed the bug and reiterated that it was not an issue for people who used Chrome or Safari.