Twitter appears 'error' that causes user information to be approached by third-party advertising providers

The vulnerability has been successfully patched on August 5, 2019, and no significant damage has been reported.

Recently, a Twitter micro blog has officially revealed that some third-party advertising partners have tried to abuse a flaw in the system of this social media platform to extract information. trust users without the account holder's consent. These can be considered relatively serious internal data violations.

  1. More than 1 million payment card information from Korea is sold on Dark Web

Picture 1 of Twitter appears 'error' that causes user information to be approached by third-party advertising providers
This vulnerability was first known for more than 1 year ago

The vulnerability has been successfully patched on August 5, 2019, and no significant damage has been reported. Twitter commits to users that they will closely monitor the case and send a detailed notice of the actual situation to all accounts affected by the ad vendors' unauthorized data collection behavior. 3rd party. @TwitterSupport's official notice is as follows:

'A small security flaw that appears on the Twitter platform for iOS has inadvertently allowed 3rd party advertising providers to collect and share user location data. We have now patched it, and will be sure to provide all details related to the incident to the affected accounts'.

According to the investigation, the existence of this vulnerability was known to some of Twitter's advertising partners for the first time since May 2018, but Twitter did not have the necessary remedies. At that time, the micro-blog site still did not know the specifics of the incident.

The location data of each account is usually stored 'safely' by Twitter in the user database as part of the data security policy, but in fact, it is not possible to confirm whether advertisers Is this partner of the social networking site granted access to that database?

  1. British Airways has a systematic, delaying 'error' at many airports in the UK, customers dumping stones on Twitter

Picture 2 of Twitter appears 'error' that causes user information to be approached by third-party advertising providers
If confirmed to violate GDPR, Twitter may have to accept a heavy penalty from the EC

User location data is often used for account recovery processes, and is not designed, nor is it a 'commodity' type that may be allowed to 'sell' to advertisers. However, the investigation results show that when Twitter user accounts are affected by the vulnerability mentioned above, extracting location data can even be done arbitrarily by an advertising partner of Twitter even when users disagree (most are unaware).

More than a year ago, the European Commission (EC) issued and enforced a drastic Regulation on General Data Protection (GDPR) for all EU member states, as well as all companies. has been serving EU citizens since May 25, 2018. A lot of big players in the internet service sector have been "stunned", including Facebook, Google, and Microsoft. Billions of dollars in fines have been imposed, and if the data breach proves to be from the subjective error of Twitter and is related to EU citizens, a heavy penalty is likely to be imposed. use. It took more than a year to confirm the existence of the vulnerability, and it certainly included account information of an EU citizen.

  1. Apple, Google, Microsoft, Facebook and Twitter will join a large-scale shared data project

'We may have shown you ads based on inferences regarding the device you use even without consulting. However, this is only part of the algorithm testing process to provide more relevant advertising for Twitter users and our other services since September 2018 'Twitter team explained.

Investigations are ongoing and targeting technology teams inside and outside this social networking site to determine the full range of vulnerabilities, even Twitter's partners are within. sight.

For its part, Twitter pledged that any new findings would be publicly disclosed immediately, without exception.

  1. Customer data collected during Capital 14's 14 years was stolen

Picture 3 of Twitter appears 'error' that causes user information to be approached by third-party advertising providers
Investigations aimed at Twitter and partners are being actively implemented

Twitter users who want to contact this social networking site representative to update more specific information can use the customized form provided by the company. All are still in the process of being investigated and we will notify you as soon as we have the latest information.

Update 12 August 2019
Category

System

Mac OS X

Hardware

Game

Tech info

Technology

Science

Life

Application

Electric

Program

Mobile