"We recently found that some email addresses and phone numbers provided for account security may have been used unintentionally for advertising purposes. This is no longer happening and we wanted to give you more clarity around the situation," the micro-blogging website said in a blog post.
In a statement, Twitter said it "cannot say with certainty how many people were impacted".
"But in an effort to be transparent, we wanted to make everyone aware," the statement read.
The company further said that no personal data was ever shared externally with its partners or any other third parties.
It said, "We're very sorry this happened and are taking steps to make sure we don't make a mistake like this again," adding that in case of any queries, Twitter users can contact the company's Data Protection office by completing a form.
The email addresses and phone numbers were used to enable targeted advertising that also included tailored audiences even though the information was provided by users for two-factor authentication.
Tailored Audiences is a version of an industry-standard product that allows advertisers to target advertisements to customers based on the advertiser's own marketing lists, such as email addresses or phone numbers they have compiled.
Meanwhile, partner audiences allows advertisers to use similar features to target advertisements to audiences provided by third-party partners.
"This was an error and we apologise," the website said.