Source: Cyware | By Ryan Stewart
Bug in Twitter led to collection and sharing of users’ geolocation data with its partner
• Twitter inadvertently collected and shared iOS users’ location data with one of its partners.
• Twitter confirmed that the partner did not retain the shared data and deleted the data as part of their normal process.
Twitter has disclosed a bug in its platform that collects iOS app users’ location data and shares with one of its partners.
More details on the bug
The bug in the Twitter collects geolocation data when the user has two Twitter accounts in an iOS device but uses the precise location feature in only one account. This implies that when using two Twitter accounts on the same device, the precise location feature setting was applied to both the accounts even when not opted for.
This resulted in Twitter collecting location data from the other account on the same device for which the precise location feature has not been turned on.
Also, the collected location data was shared with a trusted partner during an advertising process known as real-time bidding. However, Twitter implemented technical measures to “fuzz” the data shared so that it was no more precise than the zip code or city (5km squared).
What does Twitter have to say?
• Twitter confirmed that no other users’ Twitter handle or account IDs have been shared with the partner.
• It further confirmed that the partner deleted the shared location data as part of their normal process.
• The social media platform said that it has notified the users whose accounts have been potentially impacted.
• Twitter has fixed this issue is working to ensure that this does not happen in the future.
“We have confirmed with our partner that the location data has not been retained and that it only existed in their systems for a short time, and was then deleted as part of their normal process,” Twitter said.