SAN FRANCISCO - Twitter is notifying users that a bug may have sent direct messages and protected tweets to developers who were not authorized to receive them.

In notifications sent to users, Twitter says the bug has been around since May 2017, but it was only discovered on Sept. 10.

The U.S.-based social media giant says in a blog post that less than one per cent of its users were impacted by the bug, but does not say how many Canadian users were affected.

The company is apologizing for the error, which it says only affects direct messages users sent companies using Twitter for "things like customer service."

Twitter has launched an investigation into the matter, but says it has no reason to believe any of the data sent to unauthorized developers was misused.

Users who may be impacted by the breach are receiving notifications when they log into the platform, but the company says the users aren't being required to take further action to secure their accounts.