CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Twitter Collected and Shared iOS Location Data

Twitter on Monday revealed that a bug in Twitter for iOS led to the micro-blogging platform inadvertently collecting location data and sharing it with a third-party.

Twitter on Monday revealed that a bug in Twitter for iOS led to the micro-blogging platform inadvertently collecting location data and sharing it with a third-party.

The company reveals that the data collection and sharing occurred only in certain circumstances and says that only one of their partners was involved in it. Nevertheless, this partner is an advertising company.

“Specifically, if you used more than one account on Twitter for iOS and opted into using the precise location feature in one account, we may have accidentally collected location data when you were using any other account(s) on that same device for which you had not turned on the precise location feature,” the company reveals

The social platform also notes that it had intended to remove the location information from the data sent to “a trusted partner during an advertising process known as real-time bidding,” but that did not happen. 

The good news is that the technical measures Twitter had implemented to “fuzz” the data shared resulted in the partner receiving location information “no more precise than zip code or city (5km squared).”

Thus, the platform notes, the location data could not be used to determine a user’s address or to map their movements. No Twitter handle or other unique account IDs were shared, meaning that users’ identities on Twitter were not compromised. 

“This means that for people using Twitter for iOS who we inadvertently collected location information from, we may also have shared that information with a trusted advertising partner,” the social platform notes. 

According to Twitter, the partner did not retain the data and only kept it in their systems for a short time, after which it was deleted as part of their normal process. 

Advertisement. Scroll to continue reading.

The social platform says it has fixed the issue and that it also informed all those who were impacted. 

However, the company did not provide information on the number of affected users and did not reveal for how long it shared the data with its partner. 

“We invite you to check your privacy settings to make sure you’re only sharing the data you want to with us. We’re very sorry this happened. We recognize and appreciate the trust you place in us and are committed to earning that trust every day,” Twitter says. 

Related: Bug Gives Twitter Apps More Permissions Than Shown

Related: Bug Exposed Direct Messages of Millions of Twitter Users

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.