Twitter discloses bug that shared location data on iOS users

If you had more than one account on Twitter for iOS, it could've been accidentally providing location data to the social network.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
2 min read

Twitter says a bug collected location data on iOS devices. 

Angela Lang/CNET

The bird got its bugs. 

On Monday, Twitter disclosed a privacy bug that collected an account's location information on iOS devices, even if it didn't have its precise location tracking feature turned on. The social network was also sharing that location data with an advertising partner, the company said in a statement. 

The bug affected you if you had more than one Twitter account logged in on its iOS app and had the precise location feature enabled. If you had it enabled on one account on the app, the bug would also trigger it for all the other accounts logged in on that device, Twitter said. 

"We have fixed this problem and are working hard to make sure it does not happen again," Twitter said in its statement. "We have also communicated with the people whose accounts were impacted to let them know the bug has been fixed."

Twitter didn't respond to a request for comment on how long the bug had existed, and how many people were affected by this issue. 

That data was sent to advertisers for a process called "real-time bidding," where advertisers pay for space based on people's location. Twitter said it intended to remove location data from what it sent to its advertising partners, but failed to do so. 

As an added security measure though, it did obscure that data so that it wasn't "more precise than zip code or city," which means that it wasn't presented as an address or precise movements. There also were not Twitter handles or unique IDs involved with the bug, Twitter said. 

The social network said its partners only had that data for a short period, and it was deleted. Twitter didn't comment on how long that time period was. 

As our sister site ZDNet points out, this is the fourth bug that Twitter has disclosed in the past year. In January, Twitter announced a bug that exposed Android users' protected tweets since 2014. In September, Twitter disclosed a bug that sent people's direct messages to developers who weren't supposed to receive it. And last May, Twitter warned its 330 million users there was a bug that stored passwords in plain text in an internal log. 

"We're very sorry this happened. We recognize and appreciate the trust you place in us and are committed to earning that trust every day," Twitter said in its Monday statement.