This allows them to triangulate a users position with sufficient precision that they can be pinpointed on a map.
This attack was possible because:
Bumble did not validate the latitude/longitude values sent by clients when creating new chats it only checked whether or not they were within an acceptable range of values (which in this case happened to include all latitudes). The client-side code also contained no checks for invalid locations, so any value could be used without causing an error
https://t.co/u5S1AGyX9L