"We know you will want to know if you were personally affected, and how many people in total were involved," Twitter said.
"We are still conducting our investigation to determine who may have been impacted and If we discover more information that is useful we will share it."
Twitter discloses second ad privacy-related issue
In addition, Twitter disclosed a second ad privacy issue; however, this one didn't involve sharing data with an external partner.
The company said that since September 2018, its advertising platform made inferences about a user's devices to fine-tune ad delivery without the user's express approval.
"The data involved stayed within Twitter and did not contain things like passwords, email accounts, etc.," Twitter said.
This is how Twitter describes "inferences" on an associated help page:
For example, if you commonly use Twitter for Android around the same time and from the same network where you browse sports websites with embedded Tweets on a computer, we may infer that your Android device and laptop are related and later suggest sports-related Tweets and serve sports-related advertising on your Android device. We may also infer other information about your identity to help personalize your Twitter experience.