The firm said on Monday that one of its support forms had exposed user data to IP addresses located in China and Saudi Arabia and could not confirm whether the IPs were linked to state actors.
The compromised data included country codes of phone numbers linked to various accounts on the network and whether these had been locked by Twitter, however the company said full phone numbers and other personal data were not exposed.
Twitter said it had begun work on the issue on 15 November and had resolved it the next day and had notified the owners of the affected accounts although this didn’t stop its shares closing around 4.9% lower on Monday at US$33.4.
The company was also criticised on Monday for its role in spreading misinformation regarding Russian actors in the 2016 US presidential campaign, with two independent reports commissioned by the Senate Select Committee on Intelligence revealing a firm led by an individual with close ties to Russian president Vladimir Putin had used platforms like Twitter to influence US voters.
The reports also said that all of the tech companies reviewed had failed to provide all available data on misinformation on their platforms.
In pre-market trading Tuesday, Twitter shares were up around 1.4% at US$33.89.