X (Twitter) — Data Breach
Executive Summary
Twitter disclosed that a bug in its iOS app had shared some users' precise location data with an unnamed advertising partner. The data was collected even from users who had enabled location sharing only for features like tweet geotags. Twitter said the bug had been fixed and the partner had been asked to delete the data.
What Happened
On May 13, 2019, Twitter disclosed a bug in its iOS app that caused the company to inadvertently collect and share location data with an unnamed advertising partner. The bug affected users who had multiple Twitter accounts on the same iOS device and had enabled precise location sharing on at least one account. Location data from accounts that had not opted in to location sharing may have been collected and shared during the real-time bidding process with the advertising partner.
Who Is Affected
The bug affected a portion of Twitter's iOS users who operated multiple accounts on the same device and had enabled the optional precise location feature on at least one of those accounts. The shared location data was limited to zip code or city level (approximately 5 kilometers squared) rather than precise coordinates. Twitter notified the affected users directly about the issue.
Why It Matters
This incident demonstrates how technical bugs can cause platforms to collect and share user data beyond what users have explicitly authorized, even when privacy controls are in place. The bug violated user privacy preferences by collecting location data from accounts where location sharing had not been enabled. While the partner did not receive usernames or precise location data that could identify individuals, the sharing still occurred without proper user consent.
What You Should Do
Twitter stated it has fixed the bug and confirmed with its partner that the location data was not retained and has been deleted. Affected users were contacted directly by Twitter about the issue. Users should review their Twitter privacy settings to ensure location sharing preferences are correctly configured for each account they operate on iOS devices.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.