Connect with us

Hi, what are you looking for?


Data Protection

Twitter Again Admits Sharing User Data Without Permission

Twitter admitted this week that it may have accidentally shared some users’ data with third parties without permission.

Twitter admitted this week that it may have accidentally shared some users’ data with third parties without permission.

The company said it identified two issues. One of them is related to the mobile app and it may have resulted in data being shared with trusted advertising and measurement partners.

The impacted data was collected when users viewed or clicked on an ad from the mobile application, and it included country code, information about the advertisement, and whether the user engaged with the ad and when. The social media giant has determined that the problem existed in the mobile application since May 2018.Twitter shares user data without permission

The second issue was related to information collected by Twitter about a user’s browser and device.

“As part of a process we use to try and serve more relevant advertising on Twitter and other services since September 2018, we may have shown you ads based on inferences we made about the devices you use, even if you did not give us permission to do so,” Twitter said.

In this case, the company said the data stayed within Twitter, and it did not include passwords, email addresses or other types of highly sensitive information.

Twitter provides settings that allow users to control how their data is shared, but in this case the settings choices did not work and the data was shared even if the user did not give the company permission to do so.

Twitter said it addressed the issues on August 5, but it’s still trying to determine how many users were impacted. In the meantime, the company says users do not need to take any action in response to the incident, other than checking their settings.

“You trust us to follow your choices and we failed here. We’re sorry this happened, and are taking steps to make sure we don’t make a mistake like this again,” Twitter said.

Advertisement. Scroll to continue reading.

This is the second time in recent months that Twitter has admitted inadvertently sharing user data with third parties. In May, the company informed users that a bug in the Twitter app for iOS resulted in location data being collected and shared with an advertising partner.

Related: Bug Exposed Direct Messages of Millions of Twitter Users

Related: New Twitter Rules Target Fake Accounts, Hackers

Related: Bug Gives Twitter Apps More Permissions Than Shown

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Professional services company Slalom has appointed Christopher Burger as its first CISO.

Allied Universal announced that Deanna Steele has joined the company as CIO for North America.

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

More People On The Move

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...