It said that less than 10,000 active accounts would have been affected by the bug. Taking no chances, Twitter notified the account holders.
For those wondering how to get details whether their account was compromised, Twitter says that if a user "wasn't notified" then the user "wasn't affected."
"We take these incidents very seriously, and we're sorry this occurred. Any user that we find to have exploited the bug to access another account's information will be permanently suspended, and we will also be engaging law enforcement as appropriate so they may conduct a thorough investigation and bring charges as warranted," said Michael Coates, a Trust and Info Security Officer at Twitter, in a blog post.
Detailing further, Twitter said that the compromised email addresses or contact numbers could not have been used "directly to access an account."
The micro-blogging website also lists some tips for Twitter users to protect their accounts including opting for additional information needed during a password reset; use of a strong password which has at least 10 characters and a mixture of upper, lowercase letters, numbers, and symbols; can opt for log-in verification; revoke access privilege to any third party apps, and users can also look at the review logins for their accounts via Twitter data dashboard in settings.