However, the social media platform added that the exposure had effected less than 1% of direct messages senders, which are supposed to be private, unlike normal tweets, specifically messages between users and companies - such as an airline.
In revealing the issue, Twitter said that the issue had persisted since May 2017.
"We haven't found an instance where data was sent to the incorrect party. But we can't conclusively confirm it didn't happen, so we're telling potentially impacted people about the bug. If you were potentially involved, we’ll contact you today. We’re sorry that this happened.
"Our team has been working diligently with our most active enterprise data customers and partners who have access to this API to evaluate if they were impacted. Through our work so far, and the information made available to us by our partners, we can confirm that the bug did not affect any of the partners or customers with whom we have completed our review. Over the coming days, we will continue our investigations to include a review of our remaining enterprise partners who could have been impacted."