With smartphone apps being so tightly interconnected, and using authentication and authorization from other apps, this type of thing is becoming probable. With the complete transfer, however, the problem is much more likely to reside on Apple's back end ...
............ This message may or may not be governed by the terms of http://www.noticebored.com/html/cisspforumfaq.html#Friday or https://blogs.securiteam.com/index.php/archives/1468
Without having access to the device itself its all but impossible to determine what software may be sharing if not posting data to other applications. I suspect this isn't quite as mysterious as the reporter suggests.
Thinking misconfigured device or setting, somewhere.