Twitter Inc shares fell almost 7 percent on Monday after the company said it was investigating unusual traffic that might be from state-sponsored hackers and, in what appeared to be an unrelated issue, a security firm said hackers used the platform to try to steal user data.
Twitter said in a blog that it discovered suspicious traffic to a customer-support forum while investigating a security bug that exposed data, including users' phone country codes and details on locked accounts. It said the bug was fixed Nov. 16.
Twitter observed a large amount of traffic to the customer support site coming from individual internet IP addresses in China and Saudi Arabia.
"While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors," the blog said.
"We continue to err on the side of full transparency in this area and have updated law enforcement on our findings," it said.
A company spokesman declined to elaborate as Twitter shares posted their biggest drop in more than two months.
In October, Twitter suspended bots appearing to coordinate to spread pro-Saudi talking points about the alleged killing of journalist Jamal Khashoggi.
NBC News first reported the suspension after presenting Twitter with a list of hundreds of accounts that spread identical pro-Saudi government tweets at the same time.
The Chinese government consistently denies any involvement in hacking or other forms of internet attacks and says that it is dedicated to cracking down on such behavior.
Speaking in Beijing on Tuesday, Chinese Foreign Ministry spokeswoman Hua Chunying said China's position on internet security and attacks was consistent.
China hopes all sides can deal with this issue via talks and cooperation on the basis of mutual respect, she added.
Wedbush analyst Michael Pachter blamed the decline on concerns that news of a breach could hurt growth and user engagement.
"Clearly, a breach like this impairs user trust in the platform," he said.
Separately, security software maker Trend Micro Inc said in a blog earlier on Monday that attackers sent out two tweets in October in a bid to steal data from previously infected machines.
The hackers hid instructions in tweeted memes that secretly ordered infected devices to send information, including user names, screen images and other content, Trend Micro said.
The Twitter spokesman declined to comment on the Trend Micro report.
Want to enjoy 'Zen' reading - with no ads and just the article? Subscribe todaySubscribe now