Twitter said on Tuesday that email addresses and phone numbers uploaded by users to meet its security requirements may have been "inadvertently" used for advertising purposes.
The company said the information was not shared with third parties but was made available internally to allow users to receive targeted advertising.
The social media giant said the issue was rectified as of September 17, without disclosing how many users were affected. It did not say when it discovered the issue.
"This was an error and we apologise," the company said in a blog post.
The firm said it was "no longer using phone numbers or email addresses collected for safety or security purposes for advertising”.
Twitter said when advertisers uploaded their marketing lists, it may have matched people on the platform to their list based on the email or phone number provided by account holders.
Social media companies, including Twitter and Facebook, have faced heat from users and regulators globally on how their platforms handle user data.
Last month, Twitter chief executive Jack Dorsey’s account was compromised after hackers were able to tweet racial slurs through text messages.
In May last year, Twitter advised all 330 million of its users to change their passwords after a bug was discovered.
