Twitter shares fell almost 7% after the company said it was investigating unusual traffic that might be from state-sponsored hackers and, in what appeared to be an unrelated issue, a security firm said hackers used the platform to try to steal user data.

Twitter said in a blog that it discovered suspicious traffic to a customer-support forum while investigating a security bug that exposed data, including users’ phone country codes and details on locked accounts. It said the bug was fixed on 16 November.

Twitter observed a large amount of traffic to the customer support site coming from individual internet IP addresses in China and Saudi Arabia.

“While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors,” the blog said. “We continue to err on the side of full transparency in this area and have updated law enforcement on our findings,” it said.

A company spokesman declined to elaborate as Twitter shares posted their biggest drop in more than two months.

A Wedbush analyst, Michael Pachter, blamed the decline on concerns that news of a breach could hurt growth and user engagement.

“Clearly, a breach like this impairs user trust in the platform,” he said.

Separately, the security software maker Trend Micro Inc said in a blog earlier on Monday that attackers sent out two tweets in October in a bid to steal data from previously infected machines.

The hackers hid instructions in tweeted memes that secretly ordered infected devices to send information, including user names, screen images and other content, Trend Micro said.

The Twitter spokesman declined to comment on the Trend Micro report.