Twitter revealed on Tuesday that it inadvertently collected location data from some of its users and shared it with an advertising partner. The bug has now been fixed.
The company declined to reveal how many people had been affected, and how long it had been collecting the data. The name of the partner was also withheld. It did, however, offer some details on the nature of the bug, as well as information on which users may have had their location data exposed.
“Specifically, if you used more than one account on Twitter for iOS and opted into using the precise location feature in one account, we may have accidentally collected location data when you were using any other account(s) on that same device for which you had not turned on the precise location feature,” the company wrote in a post.
Twitter said it shared the location data with an advertising partner after it failed to remove it from information sent to that partner for the purposes of real-time bidding, a process where businesses pay for ad space based on a user’s location at any given time.
It said the removal of the location data “did not happen as planned,” although it did manage to implement measures that obscured the shared data so that the location was no more precise than an area of five square kilometers.
In other words, the location data wasn’t specific enough to reveal a specific address, or to map exact movements. In a bid to further reassure its community, Twitter said the partner that received the data did not have access to Twitter names or other information linked to a profile. According to Twitter, the shared location data was only held for a short time by the partner before being deleted as part of its normal routine.
The San Francisco, California-based company said it was “very sorry” about the blunder and is “working hard to make sure it does not happen again.” It added that it has contacted users whose accounts were impacted to let them know that the bug has now been fixed.
For peace of mind, the company suggested users take a moment to check their privacy settings “to make sure you’re only sharing the data you want to with us.” You can do so by tapping on your profile photo, then on Settings, and then on Privacy. Scroll down the page to look for the Precise Location entry, which should be set to disabled if you want to hide your location.
At the start of 2019, Twitter admitted to another bug that exposed the protected tweets of some Android users since 2015. It fixed it, but as a precaution urged anyone with an Android device who’d set their account to private to review their settings to make sure their tweets are still protected.