Twitter has disclosed that it may have inadvertently shared location data on some users who had not specifically authorized it.
The social media company said that in some cases location data from a user’s account could have been shared, even if the user had not authorized the sharing. The bug only affected iOS users and only those iOS users who had more than one Twitter account.
Affected users have been notified of the bug and the possibility that location data was shared with a third party.
“Due to a bug in Twitter for iOS, we inadvertently collected and shared location data (at the zip code or city level),” the company said in a tweet. “We have fixed the bug, but we wanted to make sure we shared more of the context around this with you. More here.”
According to Twitter, the bug only affected iOS users who had more than one account and had activated the “shared location” feature on at least one of the accounts. Twitter says the platform might have collected location data for the other accounts, even though permission had not been given.
Use for marketing purposes
That location data might have then been shared with a Twitter partner, who paid for it so it could be used for marketing purposes. Twitter says the location data was not that precise and could have been limited to a five-kilometer square mile area.
“That means the data could not be used to determine an address or to map your precise movements,” the company said in a statement.
When receiving the location data, the third party partner did not have the information that could have allowed it to identify whose data it was receiving. Twitter assured impacted users that the third party company did not retain the location data it received.
Data was not retained
“We have confirmed with our partner that the location data has not been retained and that it only existed in their systems for a short time, and was then deleted as part of their normal process,” the company said. “We have fixed this problem and are working hard to make sure it does not happen again.”
Twitter said it has been in contact with users whose accounts were affected to reassure them that the bug has been fixed. The company said affected users should check their privacy settings to make sure they are only sharing the data they want to.
Twitter did not say when the unauthorized data-sharing took place and how long it continued.