Social media platform Twitter on Tuesday said email addresses and phone numbers uploaded by users to meet its security requirements may have been “inadvertently” used for advertising purposes. “This was an error and we apologise,” the company said in a blog post.

“We cannot say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware,” it added. “No personal data was ever shared externally with our partners or any other third parties.”

Twitter said when advertisers uploaded their marketing lists, it may have matched people on the platform to their list based on the email or phone number provided by account holders.

The micro-blogging site said the matter was rectified on September 17.

“We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again,” the San Francisco-based company said.

Social media companies, including Twitter and Facebook, have regularly faced heat from users and regulators globally on how they handle user data.

Contact numbers provided for the two-step verification for accounts were also exposed as being vulnerable to hacking. In August, Twitter co-founder and Chief Executive Officer Jack Dorsey’s account was hacked.

Now, follow and debate the day’s most significant stories on Scroll Exchange.