Twitter says it has fixed a bug that resulted in a userâs approximate location information being shared with an unnamed Twitter partner.
âWe have discovered that we were inadvertently collecting and sharing iOS location data with one of our trusted partners in certain circumstances,â the company said in a blog post.
According to the post, the bug only affected iOS users of its Twitter app who had a second account on their phones. So if users had allowed Twitter to access precise location data on one account, the setting would automatically be applied to the other account(s), even when they did not opt in to location data sharing.
Due to a bug in Twitter for iOS, we inadvertently collected and shared location data (at the zip code or city level). We have fixed the bug, but we wanted to make sure we shared more of the context around this with you. More here: https://t.co/n04LNt62Sa
â Twitter Support (@TwitterSupport) May 13, 2019
Twitter also noted that the collected information was then shared with a trusted partner for purposes of serving ads through a process called real-time bidding, but assuaged any privacy concerns by stating the location data was âfuzzedâ to reduce its accuracy to the nearest zip code or city, and that the partner that inadvertently received the location data didnât also receive their Twitter handle or unique account identifier.
âWe have confirmed with our partner that the location data has not been retained and that it only existed in their systems for a short time, and was then deleted as part of their normal process,â it stated on the help site.
Although Twitter didnât tell when the data sharing took place, the social media company said it has already notified impacted users, and urged users to revisit their privacy settings in light of the security incident.
Itâs also worth noting that this security issue is Twitterâs fourth bug in the past year.
Last September, a bug in Twitter API accidentally exposed private messages and protected tweets to developers not authorized to read them.
In December, it notified that âstate-sponsored actorsâ may have exploited a vulnerability in its online support form to obtain the country code of a userâs phone number and determine whether or not the account had been locked by Twitter.
In January this year, Twitter found a security flaw in its Android app causing private tweets of an unspecified number of users to be publicly available since 2014.
Get the TNW newsletter
Get the most important tech news in your inbox each week.