The software “bug”, which has since been fixed, involved direct messages between users and businesses that offer customer services via Twitter.
Affected users are being notified via a message that appeared when opening the app or logging on to Twitter's website.
"The issue has persisted since May 2017," Twitter said.
The company said it had resolved the issue immediately upon discovering it, on 10 September.
The company did not say precisely how many users it had notified, but said in a statement it amounted to fewer than 1% of its total users.
The network has 335m monthly active users, according to the firm’s latest figures, published in July.
Twitter said not all direct messages, which are supposed to be private, unlike normal tweets, were at risk, just those between users and companies - such as an airline.
"We haven't found an instance where data was sent to the incorrect party," the company said.
"But we can't conclusively confirm it didn't happen, so we're telling potentially impacted people about the bug.
"If you were potentially involved, we’ll contact you today. We’re sorry that this happened."
More about: Twitter