Micro-blogging site Twitter, on Tuesday, 8 October, said it mistakenly used the phone numbers and email addresses people provided for security purposes to show them advertisements.
It also said that it did not share personal data with advertisers or other third parties, and the problem was fixed on 17 September.
Twitter added that when advertisers uploaded their marketing lists, it may have matched people on the platform to their list based on the email or phone number provided by account holders.
Social media companies have been facing heat from users and regulators globally on their handling of user data. Facebook also recently settled with the Federal Trade Commission earlier this year over its privacy missteps. In addition to a $5 billion fine, the settlement included limits on how Facebook shares data with third parties.
(With inputs from AP)
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)