Twitter Accidentally Shared iOS Users’ Location Data with a “Trusted Partner”

Twitter has admitted to yet another data leak. This time, the affected users were those on iOS devices. Due to a bug discovered earlier this week, third parties were able to access the personal location information of some Apple device owners.

According to Twitter, a certain “trusted partner” was able to view the location data of Twitter for iOS users under specific circumstances. The incident reportedly affected only a small number of users (exact figures were not disclosed), as it only applied to devices with more than one account. For example, even if an iOS device owner allowed Twitter to access their location data for just one account, the bug caused the second account to also share location data with the company.

In effect, this means that Twitter not only collected data from accounts whose owners did not want this, but also unintentionally shared this information with an unnamed partner.

Twitter representatives claim that the information was shared with only one third-party company, and that the data was properly “obfuscated”—the accuracy was limited to an area of 5 square kilometers. Additionally, according to Twitter, the collected data did not go beyond the unnamed partner’s systems, remained there for only a short time, and has now been deleted.

All affected users have already been notified about the incident.

Other Recent Twitter Security Issues

This is far from the first bug related to Twitter in recent times. Earlier this year, it was discovered that the official Android app could expose users’ private posts. A bit earlier, in December 2018, researchers warned that Twitter accounts could be hijacked through phone number spoofing. That same month, a bug was found that allowed tweets to be posted on behalf of other people, and it was also discovered that third parties could freely read other users’ private messages.