Twitter has said it "inadvertently" used data meant for security purposes to target people with ads.
In a company statement, Twitter said some email addresses and phone numbers provided for security reasons, such as two-factor identification, were exposed through its Tailored Audiences and Partner Audiences advertising systems.
"When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes," the company said. "This was an error and we apologize."
Twitter could not say with certainly how many people were impacted, but said no personal data was ever shared externally with its partners or any other third parties.
"As of September 17, we have addressed the issue that allowed this to occur and are no longer using phone numbers or email addresses collected for safety or security purposes for advertising," the company said.
This comes just two months after Twitter admitted to another mistake. In August the social media site fessed up to improperly sharing personal data, such as a user's country code, with advertisers.
Twitter's struggles to properly manage personal data come as regulators grow intollerant of digital privacy misshaps. The Federal Trade Commission in July fined Facebook $5bn for improperly handling user data, the largest fine ever imposed on company for violating consumers’ privacy.