In a blog post issued on Saturday Pacific time and summarising the situation as of Friday evening, the company said the attackers had managed to manipulate a small number of employees and used their credentials to gain access to the company's internal systems, also bypassing the protection afforded by two-factor authentication.
"As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts," the company said.
"For 45 of those accounts, the attackers were able to initiate a password reset, log in to the account, and send Tweets. We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken."
The company said it became aware of the attackers' actions on Wednesday and took pre-emptive measures to restrict functionality for many accounts on Twitter.
This included preventing them from Tweeting or changing passwords. This was done to prevent the attackers from further spreading their scam and being able to take control of any additional accounts while the investigation was going on.
The company said that it was unlikely private information of users had been exposed. Of the 130 targeted accounts, it said:
"Attackers were unable to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack;
"Attackers were able to view personal information, including email addresses and phone numbers, which are displayed to some users of our internal support tools; and
"In cases where an account was taken over by the attacker, they may have been able to view additional information. Our forensic investigation of these activities is still ongoing."