Twitter says it mistakenly used the phone numbers and email addresses people provided for security purposes to show advertisements to its users.
The company said Tuesday that it “inadvertently” used the emails and phone numbers to let advertisers match people to their own marketing lists. Twitter is not saying how many users were affected.
The company also says that it did not share personal data with advertisers or other third parties. Twitter says it fixed the problem as of September 17.
Facebook settled with the Federal Trade Commission earlier this year over its privacy missteps. In addition to a $5 billion fine, the settlement included limits on how Facebook shares data with third parties.
Facebook also agreed not to use phone numbers given for security purposes to advertise to people.