Twitter issued an apology on Tuesday for using phone numbers provided by users for security features in targeted advertising, claiming the incident was a mistake.

Twitter at times encouraged users to provide their phone numbers, which were then added into its targeted advertising tool called Tailored Audiences. The tool enables advertisers to upload their customer contact lists, and Twitter identifies the corresponding likely user using details on file, such as email addresses and phone numbers. Users can then be targeted with ads.

“We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again.”
– As Twitter says in a blog post.

“We cannot say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware. No personal data was ever shared externally with our partners or any other third parties.” Twitter adds. “As of September 17, we have addressed the issue that allowed this to occur and are no longer using phone numbers or email addresses collected for safety or security purposes for advertising.”

Twitter doesn’t reveal to the advertisers the contact information it has collected. Such systems often work by hashing personal information on either side and then confirming identification by matching the hashes.

This is sometimes referred to as “secondary” use of information. It’s generally considered a violation of privacy norms. Users may not have consented or realized their information was being used for a purpose other than the purpose for which they provided the data.

The company called it an error and apologized for misusing user data to target ads. It also said no user data was shared externally with marketing partners or other third-parties.