Hidden Twitter Bug Disclosed Users’ Location to Unknown Partner

Earlier this week, Twitter has come under fire after the social media giant revealed that due to some ‘technical difficulties’ hundreds of users’ addresses were disclosed to an unknown partner.

In a Tweet posted on Monday morning, Twitter Support said that the bug has been fixed and that the affected users needed worry about consequences.

The post also mentions something about a Twitter business partner who briefly deleted the location data after the bug has been discovered.

Is Your Twitter Account at Risk?

On Monday morning, a Twitter spokesperson declared that due to a ‘minor’ bug the location data of several users have been transmitted to a partner. Twitter refused to disclose the name of the partner but made assurances that the leak won’t comprise the users’ accounts.

How could such a thing have happened?

According to Twitter’s statement, the bug emerged after a real-time bidding process which, allegedly, took place on Monday. During the data exchange, Twitter’s servers transmitted users’ location data to this mysterious partner.

However, the company made assurances that the transmitted telemetry can in no way be used to track the user’s movements or pinpoint his exact location.

More than that, if we are to take Twitter’s statement for granted, the leaked data can only be used to identify a user’s ZIP code or home city.

What’s does that mean?

Well, this data will show your approximate location within a five-kilometer radius.

As for what happened to the data, the same statement reveals that as soon as the issued was flagged down, the undisclosed business partner purged its serve, effectively deleting everything related to this unauthorized transmission.

Fact or just another smoke screen?

So, where does that leave us?

Considering that you count among the unfortunate ones, it means that some off-beat company may now know your town of residence.

Is this a reason for panic?

Certainly not.

In view of Twitter’s statement, the most sensible course of action would be to change your password.

Our recommendation is to download a strong password generator software and to commit the change as soon as possible. Furthermore, for the time being, it would be wise to switch off the “show location” function.

After-effect of Twitter’s announcement

According to Twitter’s spokesperson, it’s still unclear how the server managed to transmit location data in the first place.

To our knowledge, each time bidding takes place between Twitter and an affiliated company, every bite of data pertaining to the users’ location and identity should stay where it is.

Would it not for this freak occurrence, it’s safe to assume that the bug would have gone unnoticed.

Although the security breach has been fixed, as per Twitter’s statements, there may be some legal fallout, considering that this info leak is a GDPR breach.

Will this lead to users closing down their Twitter accounts?

It is way too early to speculate. However, there’s a lesson to be learned here: it doesn’t matter if your company’s named Google, Apple, or Twitter. Security breaches will always be a distinct possibility, regardless of how much you try to seal all the gaps.

What are your thoughts on Twitter’s statements and bug fix? Head to the comments sections and let us know.

About Daniel Sadler

Old-school PC gamer, poetry buff, cat lover, tech wiz. His writing career began almost two decades ago when he modestly acknowledged that hindsight or, lack thereof, can compromise security. He enjoys spending quality time with his friends and family. Most of his friends refer to Daniel as a "man of a few words, but, man, what words!" His interests include cybersecurity, IT, blogging, and, of course, everything related to technology.

Leave a Reply

Your email address will not be published. Required fields are marked *

Shares