Twitter Collected and Shared iOS Location Data
Twitter on Monday revealed that a bug in Twitter for iOS led to the micro-blogging platform inadvertently collecting location data and sharing it with a third-party.
The company reveals that the data collection and sharing occurred only in certain circumstances and says that only one of their partners was involved in it. Nevertheless, this partner is an advertising company.
“Specifically, if you used more than one account on Twitter for iOS and opted into using the precise location feature in one account, we may have accidentally collected location data when you were using any other account(s) on that same device for which you had not turned on the precise location feature,” the company reveals.
The social platform also notes that it had intended to remove the location information from the data sent to “a trusted partner during an advertising process known as real-time bidding,” but that did not happen.
The good news is that the technical measures Twitter had implemented to “fuzz” the data shared resulted in the partner receiving location information “no more precise than zip code or city (5km squared).”
Thus, the platform notes, the location data could not be used to determine a user’s address or to map their movements. No Twitter handle or other unique account IDs were shared, meaning that users’ identities on Twitter were not compromised.
“This means that for people using Twitter for iOS who we inadvertently collected location information from, we may also have shared that information with a trusted advertising partner,” the social platform notes.
According to Twitter, the partner did not retain the data and only kept it in their systems for a short time, after which it was deleted as part of their normal process.
The social platform says it has fixed the issue and that it also informed all those who were impacted.
However, the company did not provide information on the number of affected users and did not reveal for how long it shared the data with its partner.
“We invite you to check your privacy settings to make sure you’re only sharing the data you want to with us. We’re very sorry this happened. We recognize and appreciate the trust you place in us and are committed to earning that trust every day,” Twitter says.
Related: Bug Gives Twitter Apps More Permissions Than Shown
Related: Bug Exposed Direct Messages of Millions of Twitter Users
Ionut Arghire is an international correspondent for SecurityWeek.
Tags: 
Gloss