The social networking giants have since fixed the "bug", but have warned an undisclosed number of users that their private messages may have been accessed by third parties for over a year.
Twitter said: "The issue has persisted since May 2017."
Affected users are being notified via a message that appears when opening the app or logging on to Twitter's website, and the company says it rectified the issue as soon as they discovered it on September 10.
Twitter did not reveal exactly how many users affected by the bug, but said in a statement it amounted to fewer than 1% of its total users.
They also claimed that not all direct messages - which are supposed to be private, unlike normal tweets - were at risk, but just those between users and companies, such as directly messaging an airline or phone company.
In their statement, the company said: "We haven't found an instance where data was sent to the incorrect party.
"But we can't conclusively confirm it didn't happen, so we're telling potentially impacted people about the bug.
"If you were potentially involved, we'll contact you today. We're sorry that this happened."