Security Experts:

Connect with us

Hi, what are you looking for?


Data Protection

Twitter Again Admits Sharing User Data Without Permission

Twitter admitted this week that it may have accidentally shared some users’ data with third parties without permission.

Twitter admitted this week that it may have accidentally shared some users’ data with third parties without permission.

The company said it identified two issues. One of them is related to the mobile app and it may have resulted in data being shared with trusted advertising and measurement partners.

The impacted data was collected when users viewed or clicked on an ad from the mobile application, and it included country code, information about the advertisement, and whether the user engaged with the ad and when. The social media giant has determined that the problem existed in the mobile application since May 2018.Twitter shares user data without permission

The second issue was related to information collected by Twitter about a user’s browser and device.

“As part of a process we use to try and serve more relevant advertising on Twitter and other services since September 2018, we may have shown you ads based on inferences we made about the devices you use, even if you did not give us permission to do so,” Twitter said.

In this case, the company said the data stayed within Twitter, and it did not include passwords, email addresses or other types of highly sensitive information.

Twitter provides settings that allow users to control how their data is shared, but in this case the settings choices did not work and the data was shared even if the user did not give the company permission to do so.

Twitter said it addressed the issues on August 5, but it’s still trying to determine how many users were impacted. In the meantime, the company says users do not need to take any action in response to the incident, other than checking their settings.

“You trust us to follow your choices and we failed here. We’re sorry this happened, and are taking steps to make sure we don’t make a mistake like this again,” Twitter said.

This is the second time in recent months that Twitter has admitted inadvertently sharing user data with third parties. In May, the company informed users that a bug in the Twitter app for iOS resulted in location data being collected and shared with an advertising partner.

Related: Bug Exposed Direct Messages of Millions of Twitter Users

Related: New Twitter Rules Target Fake Accounts, Hackers

Related: Bug Gives Twitter Apps More Permissions Than Shown

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.