In a disclosure Tuesday, the social media giant said it did not know how many users were impacted.

The issue stemmed from the company’s tailored audiences program, which allows companies to target advertisements against their own marketing lists, such as phone numbers and email addresses. But Twitter found that when advertisers uploaded their marketing lists, it matched Twitter users to the phone numbers and email addresses users submitted to set up two-factor authentication on their account.

The issue was addressed as of September 17, the disclosure said.

Two-factor authentication is an important security feature that makes it far more difficult for hackers to break into user accounts. Although some use their phone number as a way to receive two-factor codes, it’s a method that has long been vulnerable to interception and SIM swapping attacks. Users should instead switch to Twitter’s authenticator-based two-factor.

Twitter finds itself in the same boat as Facebook, which last year was caught using users’ phone numbers and email addresses, which they gave Facebook for securing their accounts, for targeted advertising. The Federal Trade Commission fined the social networking giant $5 billion earlier this year and was prohibited from using the phone numbers it obtained for setting up two-factor for advertising.