A relatively small number of Twitter users, including a few connected to security and privacy advocacy, have been informed that their accounts have been targeted by state-sponsored hackers.

Notifications began appearing in the inboxes of affected users two days ago, with very little concrete information accompanying the warning.

Twitter said in the notification that the hackers are possibly associated with “a government,” and were trying to steal users’ email addresses, IP addresses and phone numbers attached to accounts. It’s unclear whether Twitter was compromised, or whether the accounts were targeted individually.

“At this time, we have no evidence they obtained your account information, but we’re actively investigating this matter,” Twitter said. “We wish we had more we could share, but we don’t have any additional information we can provide at this time.”

A Canadian nonprofit technology outfit called coldhak was among the first to reveal it was targeted. Motherboard reported that coldhak speculates there could be a number of reasons it was targeted, including that founder Colin Childs does contract work for the Tor Project or that the company operates a number of Tor relays. Childs’ individual account also received a warning, Motherboard said.

We received a warning from @twitter today stating we may be “targeted by state-sponsored actors” pic.twitter.com/oZm83eVFC5

— coldhak (@coldhakca) December 11, 2015

Runa Sandvik, a privacy and security researcher and a former Tor Project developer, also received a notification. She was critical of Twitter’s recommendation that victims use Tor on the Web because she says the social network frequently blocks its users.

Twitter suggests I use Tor to protect my online identity, yet frequently blocks accounts accessed over Tor. pic.twitter.com/5ChKERPscC

— Runa A. Sandvik (@runasand) December 11, 2015

In the meantime, these are the first known instances of Twitter warning its users of targeted attacks.

Facebook, in October, announced that it would begin warning users of nation-state attacks, which because of their sophistication, warrant immediate attention.

Facebook said it would only issue such warnings where evidence strongly supports its findings, yet it would not share how it determines that state-sponsored attackers are behind an intrusion. Facebook also offered victims a technical mitigation; turning on a feature called LoginApprovals that alerts account owners when an account is access from a new device or browser.