In a blog post, the company said members who clicked or viewed an ad for a mobile application from May 2018 forward and later interacted with that app may have had certain data (such as country code and how they engaged with the ad) shared with measurement and advertising partners, even if their permissions were set to not allow that. 

“You trust us to follow your choices and we failed here,” the company wrote. “We’re sorry this happened, and are taking steps to make sure we don’t make a mistake like this again.”

Twitter says the problem was fixed on Aug. 5, but its investigation is ongoing. It has not yet determined how widespread the issue was or how many users were affected. 

Beyond sharing data with advertisers, the company says a separate issue that made assumptions about devices members use could have resulted in certain ads being shown in select feeds since last September. That data stayed within Twitter, however user privacy settings were again ignored. 

Twitter says it has also fixed that issue. 

Last year, Twitter purged over 143,000 malicious apps in an effort to boost user privacy. The company hasn’t had the same problems as Facebook, but has come under scrutiny for failing to prevent Russian propaganda outfits from creating accounts on its service and spreading misinformation prior to the U.S. presidential election.