The social media platform has revealed phone numbers and email addresses - which were only provided for two-factor authentication - were accidentally shared with third-party partners.
In a blog post, the company said: "When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologize.
"We cannot say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware. No personal data was ever shared externally with our partners or any other third parties."
Meanwhile, Twitter promised that as of September 17, the issue has been dealt with and no contact details obtained for security purposes will be used in any other manner.
The post continued: "As of September 17, we have addressed the issue that allowed this to occur and are no longer using phone numbers or email addresses collected for safety or security purposes for advertising.
"We're very sorry this happened and are taking steps to make sure we don't make a mistake like this again."