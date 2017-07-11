A large-scale hack that took over dozens of high-profile Twitter accounts to push a cryptocurrency scam earlier this month was the result of a "phone spear-phishing" attack on its employees, Twitter said, around two weeks after the incident.

"This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems," Twitter said in a statement released late on Thursday in the US.

The social media platform also said that it had "significantly limited" access to its internal tools following the phishing attack, which targeted the phones of a "small number of employees" in order to glean private information such as passwords.

"Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes," Twitter said. "This knowledge then enabled them to target additional employees who did have access to our account support tools."

The hackers targeted 130 different accounts, including those of Elon Musk, Bill Gates, Kanye West and Barack Obama. Accounts for businesses including Apple and Uber were also targeted in the hack.

The tweets, which were later deleted, asked users to send $1,000 (€876) in bitcoin donations within half-an-hour and get double the money in return.

The Bitcoin account linked in the fake tweets received nearly 12.9 bitcoins, equivalent to over $114,000 (€100,00).

The fraudsters managed to post from 45 of the accounts, download mass data from eight, and access the direct messages of 36 profiles.

"Our investigation is ongoing, and we are working with the appropriate authorities to ensure that the people responsible for this attack are identified," Twitter said.