Twitter disclosed a bug, that is, in some cases, the location data of an account will be shared with Twitter partners, even if the user did not choose to share the data. The company said the vulnerability only affects a portion of the Twitter for iOS user base, and they all have been notified of this issue.
Due to a bug in Twitter for iOS, we inadvertently collected and shared location data (at the zip code or city level). We have fixed the bug, but we wanted to make sure we shared more of the context around this with you. More here: https://t.co/n04LNt62Sa
— Twitter Support (@TwitterSupport) May 13, 2019
Twitter said it may accidentally collect location data for an account or other accounts on the same mobile device, even if they do not choose to share location data. This information is then shared in the real-time bidding process to Twitter partners, which means they get unauthorized location data. Twitter pointed out that these are not accurate location data, because the data has been blurred. This means that the data cannot be used to determine a particular address, nor can it be used to map the user’s precise activity.
For those users who are concerned that their location has been compromised, Twitter assures the affected users that the partners receiving the location data do not get their unique account identifier. In addition, Twitter said that the partners did not retain these location data.
It’s unclear when this location sharing took place, and how long it lasted. In addition, Twitter did not specify the name of the partner who owns the data, nor did it explain how such a vulnerability was generated.
“We have confirmed with our partner that the location data has not been retained and that it only existed in their systems for a short time, and was then deleted as part of their normal process.”