Twitter acknowledged the user data leaking incident from their side and apologized through their October 8 blog post claiming that they may have accidentally shared their user's personal data which were meant for security purposes with the advertisement farms.
The post claims that they might have "inadvertently" used their user's data that includes email id and phone numbers for advertising purposes specifically in their "Tailored Audiences and Partner Audiences advertising system".
Twitter claims that they might have matched people on Twitter to the advertiser uploaded marketing list based on the email or phone number the Twitter account holder provided for safety and security purposes. They have sincerely apologized for its mistake:
We’re very sorry this happened and are taking steps to make sure we don’t make a mistake like this again.
Twitter reportedly addressed their mistake on September 17 but have not yet specified the number of the affected users. The social media site is not accepting any mobile number or email id as useful information for the time being. They have also re-assured the users by saying that "no personal data was ever shared externally with its partners or any other third parties".
Additionally, they have advised the users to contact Twitter's Office of Data Protection through the provided form for any further information.