Bugs and vulnerabilities that breach users’ privacy seem to be a growing problem. Recently, a Twitter iOS bug inadvertently breached the privacy of some iOS users. The vulnerability led to the sharing of users’ location data with a third party.
Twitter iOS Bug Breached User Privacy
As disclosed by Twitter in a security notice, the firm inadvertently breached the privacy of some iOS users due to a vulnerability. The Twitter iOS bug caused accidental sharing of users’ location data with a ‘trusted partner’.
Twitter has openly acknowledged the glitch. As stated in their advisory:
You trust us to be careful with your data, and because of that, we want to be open with you when we make a mistake.
They went on to say that an application bug caused inadvertent collection and sharing of users’ location data. It happened only in some cases, where users had more than one account with different privacy settings and used both of them on the Twitter for iOS app.
If you used more than one account on Twitter for iOS and opted into using the precise location feature in one account, we may have accidentally collected location data when you were using any other account(s) on that same device for which you had not turned on the precise location feature.
Twitter confirmed that the glitch only caused the collection and sharing of location data. The users’ Twitter account details didn’t reach the partner. They also ‘fuzzed’ the shared location data, reducing its precision to city (5km squared) or zip code level, so that it would not allow any location mapping.
Twitter Takes Up The Matter For Resolution
Upon noticing the bug, Twitter began working on a fix. They confirm in their advisory that the data shared with their partner no longer exists.
We have confirmed with our partner that the location data has not been retained… It only existed in their systems for a short time, and was then deleted as part of their normal process.
They also confirm that they have patched the vulnerability and notified the people affected by this incident. Twitter further invites all users to review their privacy settings to remain safe.
We invite you to check your privacy settings to make sure you’re only sharing the data you want.
This report marks the second incident of a Twitter vulnerability. In January, the firm patched a flaw in the Twitter Android app that publicly exposed private tweets of users.