By Jim Finkle
(Reuters) - Twitter Inc
Twitter said in a blog that it discovered suspicious traffic to a customer-support forum while investigating a security bug that exposed data, including users' phone country codes and details on locked accounts. It said the bug was fixed Nov. 16.
Twitter observed a large amount of traffic to the customer support site coming from individual internet IP addresses in China and Saudi Arabia.
"While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors," the blog said.
"We continue to err on the side of full transparency in this area and have updated law enforcement on our findings," it said.
A company spokesman declined to elaborate as Twitter shares posted their biggest drop in more than two months.
Wedbush analyst Michael Pachter blamed the decline on concerns that news of a breach could hurt growth and user engagement.
"Clearly, a breach like this impairs user trust in the platform," he said.
Separately, security software maker Trend Micro Inc said in a blog earlier on Monday that attackers sent out two tweets in October in a bid to steal data from previously infected machines.
The hackers hid instructions in tweeted memes that secretly ordered infected devices to send information, including user names, screen images and other content, Trend Micro said.
The Twitter spokesman declined comment on the Trend Micro report.
(Reporting by Jim Finkle in New York; Additional reporting by Vibhuti Sharma in Bengaluru and Angela Moon in New York; Editing by Jeffrey Benkoe and Sonya Hepinstall)