Twitter says it mistakenly used the phone numbers and email addresses people provided for security purposes to show advertisements to its users.
"We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes," Twitter said in a statement.
The social media giant said that the information was used in its "tailored audiences and partner audiences advertising system," which allows companies to target ads to users based on the firms' own marketing lists.
When an advertiser uploaded its marketing list, some users were being matched to those lists based on their security email or phone number.
"This was an error and we apologize," Twitter said, adding that it "cannot say with certainty how many people were impacted."
The San Francisco-based company insisted that no data was shared externally and that as of September 17 the issue had been resolved.
"We're very sorry this happened and are taking steps to make sure we don't make a mistake like this again," Twitter said.
Twitter made a similar public apology in July, admitting that it may have shared data from its mobile app users, including country codes and ads engagement, with advertising partners "even if you didn't give us permission to do so."
Privacy and internet data are hot political topics worldwide, with tech giants such as Twitter and Facebook in the crosshairs of regulators.
Facebook settled with the Federal Trade Commission earlier this year over its privacy missteps. In addition to a $5 billion fine, the settlement included limits on how Facebook shares data with third parties.
Facebook also agreed not to use phone numbers given for security purposes to advertise to people.