Here's the email I got - and the shady thing is that except for the link to the Privacy Policy in the email, all other links are using the domain <a href="http://<redacted>.t.en25.com/" rel="nofollow">http://<redacted>.t.en25.com/</a>.<p>> Hello,<p>> We are writing to let you know of a data security incident that may have involved your personal information on ads.twitter.com and analytics.twitter.com.<p>> We became aware of an issue that meant that prior to May 20, 2020, if you viewed your billing information on ads.twitter.com or analytics.twitter.com the billing information may have been stored in the browser’s cache. Examples of that information include email address, phone number, last four digits of your credit card number (not complete numbers, expiration dates or security codes), and billing address. If you used a shared computer, it is possible that if someone used the computer after you they could have seen the information stored in the browser's cache (most browsers generally store data in their cache by default for a short period of time like 30 days).<p>> On May 20, 2020, we updated the instructions that Twitter sends to your browser’s cache to stop this from happening. While we have no evidence that your billing information was compromised, we want to make sure you’re aware of the issue and how to protect yourself going forward. If you currently use a shared computer to access your Twitter Ads or Analytics billing information, we recommend clearing the browser cache when you log out.<p>> We’re very sorry this happened. We recognize and appreciate the trust you place in us, and are committed to earning that trust every day. If you have additional questions, you can write to our Office of Data Protection here.<p>> Thank you.