Twitter has said it recently found an issue with its privacy settings that may have inadvertently led to user data being shared with third-parties.
The social network revealed in a blog post that users who clicked or viewed an ad on the app since May 2018 might have shared data with its third-party measurement and advertising partners, even if they hadn't given permission for this to happen.
Facebook goes full Naked Gun after its latest password fiasco Twitter turns 10 General Data Protection Regulation (GDPR)
Users can make data sharing preferences in the platform's settings, but Twitter has said it failed to follow those choices. The data shared includes users' country codes, information about ads they clicked on and whether or not they engaged with it.
The firm also confessed to showing ads based on its own assumptions of what devices its users log in with without permission but stressed that this data didn't involve passwords or email accounts and didn't go beyond Twitter.
"You trust us to follow your choices and we failed here. We're sorry this happened, and are taking steps to make sure we don't make a mistake like this again," the company said in a blog post.
Despite fixing the issue on 5 August, Twitter is still investigating how many people may have been impacted. For now it hasn't called for any users to take action, such as changing passwords, though.
Like a number of websites, Twitter has sought to be more transparent about how it collects data, revealing a new privacy policy in May 2018 just before GDPR came into effect. It also came not long after the company warned users to update passwords after it found a flaw in its system that allowed staff to view them in plaintext.
