Twitter said a recent hack that affected 130 accounts, some belonging to high-profile figures like Democratic presidential candidate Joe Biden and Tesla CEO Elon Musk, most likely exposed some of their direct messages.
The company said hackers stole personal data and private messages last week from at least eight targeted accounts, by using a tool that can download message archives.
In an update to its investigation Wednesday, Twitter said the hackers used credentials of a small number of company employees to access internal systems. In 45 of the accounts, the culprits reset passwords, logged into accounts and sent tweets.
“We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken,” Twitter said. “In addition, we believe they may have attempted to sell some of the usernames.”
Twitter said hackers accessed the inboxes of three dozen accounts, including one belonging to an elected official in the Netherlands, but it doesn’t appear any other political officials were breached in this way.
Twitter also said it’s working to restore access to all affected accounts and coordinating with law enforcement to develop safeguards to prevent future attacks. It also said it will update employee training to mitigate future threats.