Security Experts:

Twitter Again Admits Sharing User Data Without Permission

Twitter admitted this week that it may have accidentally shared some users’ data with third parties without permission.

The company said it identified two issues. One of them is related to the mobile app and it may have resulted in data being shared with trusted advertising and measurement partners.

The impacted data was collected when users viewed or clicked on an ad from the mobile application, and it included country code, information about the advertisement, and whether the user engaged with the ad and when. The social media giant has determined that the problem existed in the mobile application since May 2018.Twitter shares user data without permission

The second issue was related to information collected by Twitter about a user’s browser and device.

“As part of a process we use to try and serve more relevant advertising on Twitter and other services since September 2018, we may have shown you ads based on inferences we made about the devices you use, even if you did not give us permission to do so,” Twitter said.

In this case, the company said the data stayed within Twitter, and it did not include passwords, email addresses or other types of highly sensitive information.

Twitter provides settings that allow users to control how their data is shared, but in this case the settings choices did not work and the data was shared even if the user did not give the company permission to do so.

Twitter said it addressed the issues on August 5, but it’s still trying to determine how many users were impacted. In the meantime, the company says users do not need to take any action in response to the incident, other than checking their settings.

“You trust us to follow your choices and we failed here. We’re sorry this happened, and are taking steps to make sure we don’t make a mistake like this again,” Twitter said.

This is the second time in recent months that Twitter has admitted inadvertently sharing user data with third parties. In May, the company informed users that a bug in the Twitter app for iOS resulted in location data being collected and shared with an advertising partner.

Related: Bug Exposed Direct Messages of Millions of Twitter Users

Related: New Twitter Rules Target Fake Accounts, Hackers

Related: Bug Gives Twitter Apps More Permissions Than Shown

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.