Twitter says 130 accounts were targeted in a major cyber-attack of celebrity accounts two days ago.
However, Twitter says only a “small subset” of those 130 accounts had control seized by the attacker.
The security breach saw accounts including those of Barack Obama, Elon Musk, Kanye West and Bill Gates tweet a Bitcoin scam to millions of followers.
Twitter said it was still trying to work out if private data – which could include direct messages – was stolen.
“We’re working with impacted account-owners and will continue to do so over the next several days,” the company said, through its official support account.
“We are continuing to assess whether non-public data related to these accounts was compromised,” it added.
The FBI is now investigating.
On 15 July, a number of Bitcoin-related accounts began tweeting what appeared to be a simple Bitcoin scam, promising to “give back” to the community by doubling any Bitcoin sent to their address.
Then, the apparent scam spread to mainstream celebrity accounts such as Kim Kardashian West and former vice-president Joe Biden, and those of corporations Apple and Uber.
Twitter scrambled to contain the unprecedented attack, temporarily preventing all verified users – those with a blue tick on their accounts – from tweeting.
Attackers were able to bypass account security because they had somehow gained access to Twitter’s own internal administration tools.